You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by alchemist vk <al...@gmail.com> on 2021/10/19 06:48:49 UTC

[users@httpd] Regarding CVE-2021-40438

Hi All,
 I understand that, CVE-2021-40438 is fixed in httpd release 2.4.50 onwards.
But I would like to know more about, how this issue can be exploitable in
prior versions and can I know the commit id/patch details for this issue.

Tried looking into commit details in github apache repo, but couldnt find
anything specific to CVE-2021-40438.

Please help me in this regard,

With Regards
Venkatesh

Re: [users@httpd] Regarding CVE-2021-40438

Posted by alchemist vk <al...@gmail.com>.

Thanks Nick for your response.
I recently started looking to webserver and getting hands-on with these
things.
So I thought I can get higher exposure if I learn more about these CVEs and
implications. So I posted the question in this forum.

With Regards,
Venkatesh

On Tue, Oct 19, 2021 at 4:05 PM Nick Folino <ni...@folino.us> wrote:

> Nobody here is going to tell you how to exploit vulnerabilities.
> If you can't figure it out by reading the code then upgrade to the fixed
> version.
>
> Nick
>
> On Tue, Oct 19, 2021 at 2:49 AM alchemist vk <al...@gmail.com>
> wrote:
>
>> Hi All,
>>  I understand that, CVE-2021-40438 is fixed in httpd release 2.4.50
>> onwards.
>> But I would like to know more about, how this issue can be exploitable in
>> prior versions and can I know the commit id/patch details for this issue.
>>
>> Tried looking into commit details in github apache repo, but couldnt find
>> anything specific to CVE-2021-40438.
>>
>> Please help me in this regard,
>>
>> With Regards
>> Venkatesh
>>
>

Re: [users@httpd] Regarding CVE-2021-40438

Posted by Nick Folino <ni...@folino.us>.

Nobody here is going to tell you how to exploit vulnerabilities.
If you can't figure it out by reading the code then upgrade to the fixed
version.

Nick

On Tue, Oct 19, 2021 at 2:49 AM alchemist vk <al...@gmail.com> wrote:

> Hi All,
>  I understand that, CVE-2021-40438 is fixed in httpd release 2.4.50
> onwards.
> But I would like to know more about, how this issue can be exploitable in
> prior versions and can I know the commit id/patch details for this issue.
>
> Tried looking into commit details in github apache repo, but couldnt find
> anything specific to CVE-2021-40438.
>
> Please help me in this regard,
>
> With Regards
> Venkatesh
>