CVE-2021-44790
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability, though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Affected products
Apache Software Foundation · Apache HTTP Server
Public PoCs found: 3
github: github.com/nuPacaChi/-CVE-2021-44790 (★ 4)
cve_reference: packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html (unverified)
exploitdb: www.exploit-db.com/exploits/51193 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://httpd.apache.org/security/vulnerabilities_24.html
http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://security.gentoo.org/glsa/202208-20
https://security.netapp.com/advisory/ntap-20211224-0001/
https://support.apple.com/kb/HT213255