Posted to cvs@httpd.apache.org by rp...@apache.org on 2021/09/16 12:45:40 UTC

[httpd-site] branch main updated: Revert "Add descriptions for CVE-2021-33193 CVE-2021-36160"

This is an automated email from the ASF dual-hosted git repository.

rpluem pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/httpd-site.git


The following commit(s) were added to refs/heads/main by this push:
     new ee79899  Revert "Add descriptions for CVE-2021-33193 CVE-2021-36160"
ee79899 is described below

commit ee798991f708c2400218c81a4a0e8b21308cff32
Author: Ruediger Pluem <r....@gmx.de>
AuthorDate: Thu Sep 16 14:45:31 2021 +0200

    Revert "Add descriptions for CVE-2021-33193 CVE-2021-36160"
    
    This reverts commit 1b66caa85613b07634140a9150b557c4652ea826.
---
 content/security/json/CVE-2021-33193.json | 101 ------------------------------
 content/security/json/CVE-2021-36160.json |  97 ----------------------------
 2 files changed, 198 deletions(-)

diff --git a/content/security/json/CVE-2021-33193.json b/content/security/json/CVE-2021-33193.json
deleted file mode 100644
index 429b02b..0000000
--- a/content/security/json/CVE-2021-33193.json
+++ /dev/null
@@ -1,101 +0,0 @@
-{
-    "CVE_data_meta": {
-        "ASSIGNER": "security@apache.org",
-        "ID": "CVE-2021-33193",
-        "STATE": "PUBLIC",
-        "TITLE": "Request splitting via HTTP/2 method injection and mod_proxy"
-    },
-    "affects": {
-        "vendor": {
-            "vendor_data": [
-                {
-                    "product": {
-                        "product_data": [
-                            {
-                                "product_name": "Apache HTTP Server",
-                                "version": {
-                                    "version_data": [
-                                        {
-                                            "version_name": "Apache HTTP Server 2.4",
-                                            "version_value": "2.4.17 to 2.4.48"
-                                        }
-                                    ]
-                                }
-                            }
-                        ]
-                    },
-                    "vendor_name": "Apache Software Foundation"
-                }
-            ]
-        }
-    },
-    "credit": [
-        {
-            "lang": "eng",
-            "value": "Reported by James Kettle of PortSwigger"
-        }
-    ],
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.\n\nThis issue affects Apache HTTP Server 2.4.17 to 2.4.48."
-            }
-        ]
-    },
-    "generator": {
-        "engine": "Vulnogram 0.0.9"
-    },
-    "impact": [
-        {
-            "other": "moderate"
-        }
-    ],
-    "problemtype": {
-        "problemtype_data": [
-            {
-                "description": [
-                    {
-                        "lang": "eng",
-                        "value": "Request Splitting"
-                    }
-                ]
-            }
-        ]
-    },
-    "references": {
-        "reference_data": [
-            {
-                "refsource": "CONFIRM",
-                "url": "https://portswigger.net/research/http2"
-            },
-            {
-                "refsource": "CONFIRM",
-                "url": "https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch"
-            }
-        ]
-    },
-    "source": {
-        "discovery": "UNKNOWN"
-    },
-    "timeline": [
-        {
-            "lang": "eng",
-            "time": "2021-05-11",
-            "value": "reported"
-        },
-        {
-            "lang": "eng",
-            "time": "2021-08-06",
-            "value": "public"
-        },
-        {
-            "lang": "eng",
-            "time": "2021-09-16",
-            "value": "2.4.49 released"
-        }
-    ]
-}
\ No newline at end of file
diff --git a/content/security/json/CVE-2021-36160.json b/content/security/json/CVE-2021-36160.json
deleted file mode 100644
index 735a35e..0000000
--- a/content/security/json/CVE-2021-36160.json
+++ /dev/null
@@ -1,97 +0,0 @@
-{
-    "CVE_data_meta": {
-        "ASSIGNER": "security@apache.org",
-        "ID": "CVE-2021-36160",
-        "STATE": "READY",
-        "TITLE": "mod_proxy_uwsgi out of bound read"
-    },
-    "affects": {
-        "vendor": {
-            "vendor_data": [
-                {
-                    "product": {
-                        "product_data": [
-                            {
-                                "product_name": "Apache HTTP Server",
-                                "version": {
-                                    "version_data": [
-                                        {
-                                            "version_affected": "<=",
-                                            "version_name": "Apache HTTP Server 2.4",
-                                            "version_value": "2.4.48"
-                                        },
-                                        {
-                                            "version_affected": "!<",
-                                            "version_name": "Apache HTTP Server 2.4",
-                                            "version_value": "2.4.30"
-                                        }
-                                    ]
-                                }
-                            }
-                        ]
-                    },
-                    "vendor_name": "Apache Software Foundation"
-                }
-            ]
-        }
-    },
-    "credit": [
-        {
-            "lang": "eng",
-            "value": "LI ZHI XIN from NSFocus Security Team"
-        }
-    ],
-    "data_format": "MITRE",
-    "data_type": "CVE",
-    "data_version": "4.0",
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).\n\nThis issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive)."
-            }
-        ]
-    },
-    "generator": {
-        "engine": "Vulnogram 0.0.9"
-    },
-    "impact": [
-        {
-            "other": "moderate"
-        }
-    ],
-    "problemtype": {
-        "problemtype_data": [
-            {
-                "description": [
-                    {
-                        "lang": "eng",
-                        "value": "CWE-125 out of bound read"
-                    }
-                ]
-            }
-        ]
-    },
-    "references": {
-        "reference_data": [
-            {
-                "refsource": "CONFIRM"
-            }
-        ]
-    },
-    "source": {
-        "discovery": "UNKNOWN"
-    },
-    "timeline": [
-        {
-            "lang": "eng",
-            "time": "2021-04-26",
-            "value": "reported"
-        },
-        {
-            "lang": "eng",
-            "time": "2021-09-16",
-            "value": "2.4.49 release"
-        }
-    ]
-}
\ No newline at end of file