CVE-2021-31618 (GCVE-0-2021-31618)

Vulnerability from cvelistv5 – Published: 2021-06-15 00:00 – Updated: 2024-08-03 23:03
VLAI
Title
NULL pointer dereference on specially crafted HTTP/2 request
Summary
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.
Severity
No CVSS data available.
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Credits
Apache HTTP server would like to thank LI ZHI XIN from NSFocus for reporting this.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-31618",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T16:18:33.082195Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:39.340Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "name": "[oss-security] 20210609 CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/06/10/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2021/q2/206"
          },
          {
            "name": "[httpd-cvs] 20210615 svn commit: r1890801 - /httpd/site/trunk/content/security/json/CVE-2021-31618.json",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210615 svn commit: r1075782 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "FEDORA-2021-051639aad4",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/"
          },
          {
            "name": "FEDORA-2021-181f29c392",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/"
          },
          {
            "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"
          },
          {
            "name": "DSA-4937",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4937"
          },
          {
            "name": "GLSA-202107-38",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-38"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210727-0008/"
          },
          {
            "name": "[oss-security] 20240313 Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/13/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.4.47"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Apache HTTP server would like to thank  LI ZHI XIN from NSFocus for reporting this."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "important"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T17:10:59.750Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "name": "[oss-security] 20210609 CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/06/10/9"
        },
        {
          "url": "https://seclists.org/oss-sec/2021/q2/206"
        },
        {
          "name": "[httpd-cvs] 20210615 svn commit: r1890801 - /httpd/site/trunk/content/security/json/CVE-2021-31618.json",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210615 svn commit: r1075782 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_24.html",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "FEDORA-2021-051639aad4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/"
        },
        {
          "name": "FEDORA-2021-181f29c392",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/"
        },
        {
          "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"
        },
        {
          "name": "DSA-4937",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4937"
        },
        {
          "name": "GLSA-202107-38",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-38"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210727-0008/"
        },
        {
          "name": "[oss-security] 20240313 Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/03/13/2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "NULL pointer dereference on specially crafted HTTP/2 request",
      "workarounds": [
        {
          "lang": "en",
          "value": "On unpatched servers, the `h2` protocol can be disabled by removing it from the `Protocols` configuration. If the `h2` protocol is not enabled, the server is not affected by this vulnerability."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-31618",
    "datePublished": "2021-06-15T00:00:00.000Z",
    "dateReserved": "2021-04-23T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:03:33.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-31618",
      "date": "2026-05-31",
      "epss": "0.11001",
      "percentile": "0.93554"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-31618\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2021-06-15T09:15:07.960\",\"lastModified\":\"2024-11-21T06:06:02.403\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.\"},{\"lang\":\"es\",\"value\":\"El administrador de protocolos del servidor HTTP Apache para el protocolo HTTP/2 comprueba las encabezados de las peticiones recibidas frente a las limitaciones de tama\u00f1o configuradas para el servidor y usadas tambi\u00e9n para el protocolo HTTP/1. En caso de violaci\u00f3n de estas restricciones, se env\u00eda una respuesta HTTP al cliente con un c\u00f3digo de estado indicando por qu\u00e9 se ha rechazado la petici\u00f3n. Esta respuesta de rechazo no se inicializaba completamente en el manejador del protocolo HTTP/2 si la cabecera infractora era la primera que se recib\u00eda o aparec\u00eda en un pie de p\u00e1gina. Esto conllevaba una desviaci\u00f3n del puntero NULL en la memoria inicializada, bloqueando de forma fiable el proceso hijo. Dado que desencadenar una petici\u00f3n HTTP/2 de este tipo es f\u00e1cil de dise\u00f1ar y enviar, esto puede ser explotado para hacer una DoS al servidor. Este problema afectaba \u00fanicamente a mod_http2 versi\u00f3n 1.15.17 y a la versi\u00f3n 2.4.47 del servidor HTTP de Apache. Apache HTTP Server versi\u00f3n 2.4.47 nunca fue liberado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:1.15.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0F7A719-7301-47ED-9AC2-5878FA93EC92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B335598-BC0C-4993-944B-23798F0CF818\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]}],\"references\":[{\"url\":\"http://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/06/10/9\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/13/2\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/\",\"source\":\"security@apache.org\"},{\"url\":\"https://seclists.org/oss-sec/2021/q2/206\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202107-38\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210727-0008/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4937\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/06/10/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/13/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/oss-sec/2021/q2/206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202107-38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210727-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://httpd.apache.org/security/vulnerabilities_24.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/06/10/9\", \"name\": \"[oss-security] 20210609 CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/oss-sec/2021/q2/206\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E\", \"name\": \"[httpd-cvs] 20210615 svn commit: r1890801 - /httpd/site/trunk/content/security/json/CVE-2021-31618.json\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E\", \"name\": \"[httpd-cvs] 20210615 svn commit: r1075782 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_24.html\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/\", \"name\": \"FEDORA-2021-051639aad4\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/\", \"name\": \"FEDORA-2021-181f29c392\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\", \"name\": \"[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4937\", \"name\": \"DSA-4937\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202107-38\", \"name\": \"GLSA-202107-38\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210727-0008/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/13/2\", \"name\": \"[oss-security] 20240313 Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T23:03:33.651Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-31618\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-20T16:18:33.082195Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-20T16:18:41.313Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"NULL pointer dereference on specially crafted HTTP/2 request\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Apache HTTP server would like to thank  LI ZHI XIN from NSFocus for reporting this.\"}], \"metrics\": [{\"other\": {\"type\": \"unknown\", \"content\": {\"other\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache HTTP Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.4.47\"}]}], \"references\": [{\"url\": \"http://httpd.apache.org/security/vulnerabilities_24.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/06/10/9\", \"name\": \"[oss-security] 20210609 CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://seclists.org/oss-sec/2021/q2/206\"}, {\"url\": \"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E\", \"name\": \"[httpd-cvs] 20210615 svn commit: r1890801 - /httpd/site/trunk/content/security/json/CVE-2021-31618.json\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E\", \"name\": \"[httpd-cvs] 20210615 svn commit: r1075782 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_24.html\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/\", \"name\": \"FEDORA-2021-051639aad4\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/\", \"name\": \"FEDORA-2021-181f29c392\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html\", \"name\": \"[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4937\", \"name\": \"DSA-4937\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202107-38\", \"name\": \"GLSA-202107-38\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210727-0008/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/13/2\", \"name\": \"[oss-security] 20240313 Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request\", \"tags\": [\"mailing-list\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"On unpatched servers, the `h2` protocol can be disabled by removing it from the `Protocols` configuration. If the `h2` protocol is not enabled, the server is not affected by this vulnerability.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-05-01T17:10:59.750Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-31618\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-03T23:03:33.651Z\", \"dateReserved\": \"2021-04-23T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2021-06-15T00:00:00.000Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.