Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-39275 (GCVE-0-2021-39275)
Vulnerability from cvelistv5 – Published: 2021-09-16 14:40 – Updated: 2024-08-04 02:06
VLAI
EPSS
Title
ap_escape_quotes buffer overflow
Summary
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
15 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
Apache HTTP Server 2.4 , ≤ 2.4.48
(custom)
|
Credits
ClusterFuzz
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:42.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "FEDORA-2021-dce7e7738e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"name": "DSA-4982",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"name": "GLSA-202208-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.48",
"status": "affected",
"version": "Apache HTTP Server 2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ClusterFuzz"
}
],
"descriptions": [
{
"lang": "en",
"value": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier."
}
],
"metrics": [
{
"other": {
"content": {
"other": "low"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T01:06:08.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "FEDORA-2021-dce7e7738e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"name": "DSA-4982",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"name": "GLSA-202208-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-20"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-09-16T00:00:00.000Z",
"value": "2.4.49 released"
}
],
"title": "ap_escape_quotes buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-39275",
"STATE": "PUBLIC",
"TITLE": "ap_escape_quotes buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache HTTP Server 2.4",
"version_value": "2.4.48"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ClusterFuzz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "low"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "FEDORA-2021-dce7e7738e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"name": "DSA-4982",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211008-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"name": "GLSA-202208-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-20"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-09-16T00:00:00.000Z",
"value": "2.4.49 released"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-39275",
"datePublished": "2021-09-16T14:40:22.000Z",
"dateReserved": "2021-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:06:42.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-39275",
"date": "2026-05-27",
"epss": "0.37674",
"percentile": "0.97263"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-39275\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2021-09-16T15:15:07.580\",\"lastModified\":\"2025-05-01T15:39:40.260\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.\"},{\"lang\":\"es\",\"value\":\"la funci\u00f3n ap_escape_quotes() puede escribir m\u00e1s all\u00e1 del final de un buffer cuando se le da una entrada maliciosa. Ning\u00fan m\u00f3dulo incluido pasa datos no confiables a estas funciones, pero los m\u00f3dulos externos o de terceros pueden hacerlo. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.49\",\"matchCriteriaId\":\"482A1EA3-C8EB-46B6-BFD8-562D7515A383\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADFF451-740F-4DBA-BD23-3881945D3E40\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD04BEE5-E9A8-4584-A68C-0195CE9C402C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D09241FF-5652-4020-A626-D604134D5020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0A5CC25-A323-4D49-8989-5A417D12D646\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-20\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211008-0004/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4982\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211008-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2024-AVI-0027
Vulnerability from certfr_avis - Published: 2024-01-11 - Updated: 2024-01-11
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | CTPView versions versions antérieures à 9.1R5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved version antérieures à 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO | ||
| Juniper Networks | N/A | Paragon Active Assurance versions antérieures à 3.1.2, 3.2.3, 3.3.2 et 3.4.1 | ||
| Juniper Networks | Junos OS | Junos OS version antérieures à 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions antérieures à SSR-6.2.3-r2 | ||
| Juniper Networks | N/A | Security Director Insights versions antérieures à 23.1R1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPView versions versions ant\u00e9rieures \u00e0 9.1R5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved version ant\u00e9rieures \u00e0 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions ant\u00e9rieures \u00e0 3.1.2, 3.2.3, 3.3.2 et 3.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS version ant\u00e9rieures \u00e0 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-6.2.3-r2",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Security Director Insights versions ant\u00e9rieures \u00e0 23.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
},
{
"name": "CVE-2024-21602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21602"
},
{
"name": "CVE-2022-41974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41974"
},
{
"name": "CVE-2023-38802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38802"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-42720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
},
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2022-41973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41973"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2024-21616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21616"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2023-2235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-1281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
},
{
"name": "CVE-2024-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21599"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2024-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21614"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2022-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2024-21607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21607"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3239"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2024-21596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21596"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2021-33656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33656"
},
{
"name": "CVE-2023-1582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
},
{
"name": "CVE-2022-4129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2023-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
},
{
"name": "CVE-2024-21604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21604"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"name": "CVE-2020-9493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2022-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-21600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21600"
},
{
"name": "CVE-2021-33655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21606"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2022-41222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
},
{
"name": "CVE-2016-10009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-21591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21591"
},
{
"name": "CVE-2020-12321",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2022-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21587"
},
{
"name": "CVE-2022-42721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-4254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4254"
},
{
"name": "CVE-2024-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21617"
},
{
"name": "CVE-2023-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1195"
},
{
"name": "CVE-2024-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21589"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2022-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20141"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2024-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21595"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-22164",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22164"
},
{
"name": "CVE-2024-21597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21597"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2023-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2021-26341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
},
{
"name": "CVE-2022-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2022-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3619"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2023-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
},
{
"name": "CVE-2022-25265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25265"
},
{
"name": "CVE-2022-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
},
{
"name": "CVE-2022-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
},
{
"name": "CVE-2022-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
},
{
"name": "CVE-2024-21611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21611"
},
{
"name": "CVE-2024-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21613"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2024-21612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21612"
},
{
"name": "CVE-2022-42722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
},
{
"name": "CVE-2024-21603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21603"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21585"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2023-36842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36842"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2024-21594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21594"
},
{
"name": "CVE-2022-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
},
{
"name": "CVE-2022-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-41674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
},
{
"name": "CVE-2024-21601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21601"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
}
],
"initial_release_date": "2024-01-11T00:00:00",
"last_revision_date": "2024-01-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0027",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75723 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75741 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75752 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75757 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75730 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75734 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75737 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Security-Director-Insights-Multiple-vulnerabilities-in-SDI"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75721 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75736 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-CTPView-Multiple-vulnerabilities-in-CTPView-CVE-yyyy-nnnn"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75747 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75758 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11272 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-Evolved-Telnet-service-may-be-enabled-when-it-is-expected-to-be-disabled-CVE-2022-22164"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75727 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-CVE-2024-21589"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75233 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75754 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75753 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75742 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75740 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75748 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75744 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75743 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75738 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75733 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75725 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75755 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75735 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75745 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75729 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591"
}
]
}
CERTFR-2024-AVI-0575
Vulnerability from certfr_avis - Published: 2024-07-12 - Updated: 2024-10-15
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.1-EVO antérieures à 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.4 antérieures à 22.4R3-S2 | ||
| Juniper Networks | N/A | Junos OS versions 23.2 antérieures à 23.2R2-S1 | ||
| Juniper Networks | N/A | Session Smart Router versions 6.2 antérieures à SSR-6.2.5-r2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.4-EVO antérieures à 22.4R3-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.2-EVO antérieures à 23.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 antérieures à 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.2 antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions 22.1 antérieures à 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.3-EVO antérieures à 21.3R3-S5-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.2-EVO antérieures à 21.2R3-S7-EVO | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 20.4R3-S9 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R2-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.2 antérieures à 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Session Smart Router versions 6.1 antérieures à SSR-6.1.8-lts | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-EVO | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 antérieures à 20.4R3-S10 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-EVO | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 antérieures à 22.2R3-S1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 antérieures à 21.3R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS versions 21.4 antérieures à 21.4R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R1-S2 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 antérieures à 22.2R3-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 23.2R1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.1 antérieures à 22.1R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 antérieures à 21.2R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions antérieures à 21.2R3-S6 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R1-S1-EVO | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 21.4R3-S8 | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R1-S1 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions antérieures à 21.2R3-S7 | ||
| Juniper Networks | N/A | Session Smart Router versions antérieures à SSR-5.6.14 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 antérieures à 22.1R3-S2 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 antérieures à 22.3R3-S1 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antérieures à 21.4R3-S7-EVO | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.3-EVO antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R1-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.3 antérieures à 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos Space versions antérieures à 24.1R1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R3-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 20.4R3-S10-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.4 antérieures à 22.4R3-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R2-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antérieures à 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à before 22.1R3-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R2-S1 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.2-EVO antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 antérieures à 22.1R3-S4 | ||
| Juniper Networks | N/A | Junos OS versions 21.3 antérieures à 21.3R3-S5 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 22.1R2-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.1-EVO antérieures à 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 21.4 antérieures à 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 22.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 23.1 antérieures à 23.1R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R2-S2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R1-S2-EVO |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.2 ant\u00e9rieures \u00e0 SSR-6.2.5-r2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3-EVO ant\u00e9rieures \u00e0 21.3R3-S5-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.1 ant\u00e9rieures \u00e0 SSR-6.1.8-lts",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 ant\u00e9rieures \u00e0 20.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 23.2R1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.4R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions ant\u00e9rieures \u00e0 21.2R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-5.6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S10-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R2-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 before 22.1R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.1R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.1 ant\u00e9rieures \u00e0 23.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-39560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39560"
},
{
"name": "CVE-2023-32435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32435"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2024-39554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39554"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-39539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39539"
},
{
"name": "CVE-2021-36160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2024-39558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39558"
},
{
"name": "CVE-2022-30522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-39552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39552"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2023-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2020-13950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13950"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2024-39546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39546"
},
{
"name": "CVE-2024-39540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39540"
},
{
"name": "CVE-2018-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3737"
},
{
"name": "CVE-2024-39543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39543"
},
{
"name": "CVE-2020-11984",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-39514",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39514"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-42013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"
},
{
"name": "CVE-2023-34059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34059"
},
{
"name": "CVE-2024-39529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39529"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2022-29167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29167"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2019-10747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10747"
},
{
"name": "CVE-2023-34058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34058"
},
{
"name": "CVE-2011-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-39536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39536"
},
{
"name": "CVE-2024-39555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39555"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2020-13938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13938"
},
{
"name": "CVE-2016-10540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
},
{
"name": "CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2016-1000232",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000232"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2024-39561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39561"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2020-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35452"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-41741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2023-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30630"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-39535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39535"
},
{
"name": "CVE-2024-39545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39545"
},
{
"name": "CVE-2024-39531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39531"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"name": "CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"name": "CVE-2022-30556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2024-39530",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39530"
},
{
"name": "CVE-2024-39532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39532"
},
{
"name": "CVE-2023-27522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
},
{
"name": "CVE-2024-39557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39557"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2024-39550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39550"
},
{
"name": "CVE-2022-28615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2014-10064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-10064"
},
{
"name": "CVE-2024-39511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39511"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2024-39548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39548"
},
{
"name": "CVE-2020-11993",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11993"
},
{
"name": "CVE-2023-22652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22652"
},
{
"name": "CVE-2024-39528",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39528"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-39559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39559"
},
{
"name": "CVE-2014-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7191"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2020-36049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36049"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2021-41524",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-39519",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39519"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-2700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2700"
},
{
"name": "CVE-2020-7754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7754"
},
{
"name": "CVE-2024-39533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39533"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-26690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26690"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46663"
},
{
"name": "CVE-2011-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
},
{
"name": "CVE-2024-39513",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39513"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2024-39518",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39518"
},
{
"name": "CVE-2023-37450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37450"
},
{
"name": "CVE-2021-30641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30641"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2022-31813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2018-20834",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20834"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"name": "CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"name": "CVE-2024-39541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39541"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2024-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39537"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2019-17567",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17567"
},
{
"name": "CVE-2018-7408",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7408"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-39551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39551"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2022-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-39565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39565"
},
{
"name": "CVE-2021-31618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31618"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2024-39549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39549"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2021-33193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
},
{
"name": "CVE-2021-41773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41773"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2020-9490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9490"
},
{
"name": "CVE-2020-28502",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28502"
},
{
"name": "CVE-2024-39556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39556"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2023-32439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32439"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2022-28330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28330"
},
{
"name": "CVE-2024-39542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39542"
},
{
"name": "CVE-2022-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"name": "CVE-2024-39538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39538"
},
{
"name": "CVE-2022-28614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
}
],
"initial_release_date": "2024-07-12T00:00:00",
"last_revision_date": "2024-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0575",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83001",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Inconsistent-information-in-the-TE-database-can-lead-to-an-rpd-crash-CVE-2024-39541"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82976",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-The-802-1X-Authentication-Daemon-crashes-on-running-a-specific-command-CVE-2024-39511"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83027",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83021",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX4600-SRX5000-Series-TCP-packets-with-SYN-FIN-or-SYN-RST-are-transferred-after-enabling-no-syn-check-with-Express-Path-CVE-2024-39561"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83018",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-PIM-packet-causes-rpd-crash-when-PIM-is-configured-along-with-MoFRR-CVE-2024-39558"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82987",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crashes-upon-concurrent-deletion-of-a-routing-instance-and-receipt-of-an-SNMP-request-CVE-2024-39528"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82982",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83012",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-line-card-Port-flaps-causes-rtlogd-memory-leak-leading-to-Denial-of-Service-CVE-2024-39550"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83019",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-a-specific-TCP-packet-may-result-in-a-system-crash-vmcore-on-dual-RE-systems-with-NSR-enabled-CVE-2024-39559"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83004",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83010",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specific-packets-in-the-aftmand-process-will-lead-to-a-memory-leak-CVE-2024-39548"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83014",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-multipath-incremental-calculation-is-resulting-in-an-rpd-crash-CVE-2024-39554"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82996",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Flaps-of-BFD-sessions-with-authentication-cause-a-ppmd-memory-leak-CVE-2024-39536"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82980",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receiving-specific-traffic-on-devices-with-EVPN-VPWS-with-IGMP-snooping-enabled-will-cause-the-rpd-to-crash-CVE-2024-39514"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83000",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83008",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82991",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83011",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Receipt-of-malformed-BGP-path-attributes-leads-to-a-memory-leak-CVE-2024-39549"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82989",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82997",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Ports-which-have-been-inadvertently-exposed-can-be-reached-over-the-network-CVE-2024-39537"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83023",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83026",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83013",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83002",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83015",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83007",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-NFX350-When-VPN-tunnels-parameters-are-not-matching-the-iked-process-will-crash-CVE-2024-39545"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82995",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-specific-traffic-is-received-in-a-VPLS-scenario-evo-pfemand-crashes-CVE-2024-39535"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82993",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4600-Series-Output-firewall-filter-is-not-applied-if-certain-match-criteria-are-used-CVE-2024-39533"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75726",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-UPDATE-causes-RPD-crash-CVE-2024-39552"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82988",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83017",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-MAC-table-changes-cause-a-memory-leak-CVE-2024-39557"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82983",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Multicast-traffic-is-looped-in-a-multihoming-EVPN-MPLS-scenario-CVE-2024-39519"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83020",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Memory-leak-due-to-RSVP-neighbor-persistent-error-leading-to-kernel-crash-CVE-2024-39560"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82998",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-multicast-traffic-with-a-specific-S-G-is-received-evo-pfemand-crashes-CVE-2024-39538"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82999",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-Continuous-subscriber-logins-will-lead-to-a-memory-leak-and-eventually-an-FPC-crash-CVE-2024-39539"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83016",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Loading-a-malicious-certificate-from-the-CLI-may-result-in-a-stack-based-overflow-CVE-2024-39556"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82992",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Confidential-information-in-logs-can-be-accessed-by-another-user-CVE-2024-39532"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82978",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513"
}
]
}
CNVD-2022-03225
Vulnerability from cnvd - Published: 2022-01-13
VLAI
Title
Apache HTTP Server ap_escape_quotes缓冲区溢出漏洞
Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。
Apache HTTP Server在2.4.48及之前版本存在缓冲区溢出漏洞,该漏洞源于当给定恶意输入时ap_escape_quotes()可能会写入缓冲区之外的内容。攻击者可能利用该漏洞写入恶意内容并执行。
Severity
高
Patch Name
Apache HTTP Server ap_escape_quotes缓冲区溢出漏洞的补丁
Patch Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。
Apache HTTP Server在2.4.48及之前版本存在缓冲区溢出漏洞,该漏洞源于当给定恶意输入时ap_escape_quotes()可能会写入缓冲区之外的内容。攻击者可能利用该漏洞写入恶意内容并执行。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://httpd.apache.org/security/vulnerabilities_24.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-39275
Impacted products
| Name | Apache HTTP Server <=2.4.48 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-39275",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275"
}
},
"description": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002\n\nApache HTTP Server\u57282.4.48\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53\u7ed9\u5b9a\u6076\u610f\u8f93\u5165\u65f6ap_escape_quotes()\u53ef\u80fd\u4f1a\u5199\u5165\u7f13\u51b2\u533a\u4e4b\u5916\u7684\u5185\u5bb9\u3002\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8be5\u6f0f\u6d1e\u5199\u5165\u6076\u610f\u5185\u5bb9\u5e76\u6267\u884c\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://httpd.apache.org/security/vulnerabilities_24.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-03225",
"openTime": "2022-01-13",
"patchDescription": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002\r\n\r\nApache HTTP Server\u57282.4.48\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53\u7ed9\u5b9a\u6076\u610f\u8f93\u5165\u65f6ap_escape_quotes()\u53ef\u80fd\u4f1a\u5199\u5165\u7f13\u51b2\u533a\u4e4b\u5916\u7684\u5185\u5bb9\u3002\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8be5\u6f0f\u6d1e\u5199\u5165\u6076\u610f\u5185\u5bb9\u5e76\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache HTTP Server ap_escape_quotes\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apache HTTP Server \u003c=2.4.48"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275",
"serverity": "\u9ad8",
"submitTime": "2021-09-18",
"title": "Apache HTTP Server ap_escape_quotes\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
FKIE_CVE-2021-39275
Vulnerability from fkie_nvd - Published: 2021-09-16 15:15 - Updated: 2025-05-01 15:39
Severity
Summary
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf | Third Party Advisory | |
| security@apache.org | https://httpd.apache.org/security/vulnerabilities_24.html | Release Notes, Vendor Advisory | |
| security@apache.org | https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E | Patch | |
| security@apache.org | https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E | Patch | |
| security@apache.org | https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E | Patch | |
| security@apache.org | https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E | Patch | |
| security@apache.org | https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/ | Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/ | Third Party Advisory | |
| security@apache.org | https://security.gentoo.org/glsa/202208-20 | Third Party Advisory | |
| security@apache.org | https://security.netapp.com/advisory/ntap-20211008-0004/ | Third Party Advisory | |
| security@apache.org | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ | Third Party Advisory | |
| security@apache.org | https://www.debian.org/security/2021/dsa-4982 | Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://httpd.apache.org/security/vulnerabilities_24.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-20 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211008-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4982 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | cloud_backup | - | |
| netapp | clustered_data_ontap | - | |
| netapp | storagegrid | - | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | instantis_enterprisetrack | 17.1 | |
| oracle | instantis_enterprisetrack | 17.2 | |
| oracle | instantis_enterprisetrack | 17.3 | |
| oracle | zfs_storage_appliance_kit | 8.8 | |
| siemens | sinec_nms | * | |
| siemens | sinema_server | 14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "482A1EA3-C8EB-46B6-BFD8-562D7515A383",
"versionEndExcluding": "2.4.49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D09241FF-5652-4020-A626-D604134D5020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B0A5CC25-A323-4D49-8989-5A417D12D646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier."
},
{
"lang": "es",
"value": "la funci\u00f3n ap_escape_quotes() puede escribir m\u00e1s all\u00e1 del final de un buffer cuando se le da una entrada maliciosa. Ning\u00fan m\u00f3dulo incluido pasa datos no confiables a estas funciones, pero los m\u00f3dulos externos o de terceros pueden hacerlo. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores"
}
],
"id": "CVE-2021-39275",
"lastModified": "2025-05-01T15:39:40.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-16T15:15:07.580",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Patch"
],
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-P59C-PQFV-4FWC
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2025-05-01 18:31
VLAI
Details
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2021-39275"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-16T15:15:00Z",
"severity": "CRITICAL"
},
"details": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"id": "GHSA-p59c-pqfv-4fwc",
"modified": "2025-05-01T18:31:41Z",
"published": "2022-05-24T19:14:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211008-0004"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2021-39275
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-39275",
"description": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"id": "GSD-2021-39275",
"references": [
"https://www.suse.com/security/cve/CVE-2021-39275.html",
"https://www.debian.org/security/2021/dsa-4982",
"https://access.redhat.com/errata/RHSA-2022:0143",
"https://ubuntu.com/security/CVE-2021-39275",
"https://advisories.mageia.org/CVE-2021-39275.html",
"https://security.archlinux.org/CVE-2021-39275",
"https://access.redhat.com/errata/RHSA-2022:0891",
"https://alas.aws.amazon.com/cve/html/CVE-2021-39275.html",
"https://linux.oracle.com/cve/CVE-2021-39275.html",
"https://access.redhat.com/errata/RHSA-2022:6753",
"https://access.redhat.com/errata/RHSA-2022:7143",
"https://access.redhat.com/errata/RHSA-2022:7144"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-39275"
],
"details": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"id": "GSD-2021-39275",
"modified": "2023-12-13T01:23:15.322551Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-39275",
"STATE": "PUBLIC",
"TITLE": "ap_escape_quotes buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache HTTP Server 2.4",
"version_value": "2.4.48"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ClusterFuzz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "low"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "FEDORA-2021-dce7e7738e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"name": "DSA-4982",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211008-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"name": "GLSA-202208-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-20"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "eng",
"time": "2021-09-16",
"value": "2.4.49 released"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-39275"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "FEDORA-2021-dce7e7738e",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211008-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"name": "DSA-4982",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"refsource": "CISCO",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"name": "GLSA-202208-20",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-20"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-10-05T12:28Z",
"publishedDate": "2021-09-16T15:15Z"
}
}
}
ICSA-22-167-06
Vulnerability from csaf_cisa - Published: 2022-06-14 00:00 - Updated: 2022-10-11 00:00Summary
Siemens Apache HTTP Server
Notes
Summary: Multiple vulnerabilities were identified in the Apache HTTP Server software. These include NULL Pointer Dereferencing, Out-of-bounds Write and Server-Side Request Forgery related vulnerabilities.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM NMS
Siemens / RUGGEDCOM NMS
|
All_versions_when_using_the_device_firmware_upgrade_mechanism |
Mitigation
No Fix Planned
|
|
|
SINEC NMS
Siemens / SINEC NMS
|
<V1.0.3 |
Mitigation
Vendor Fix
fix
|
|
|
SINEMA Remote Connect Server
Siemens / SINEMA Remote Connect Server
|
<V3.1 |
Mitigation
Vendor Fix
fix
|
|
|
SINEMA Server V14
Siemens / SINEMA Server V14
|
vers:all/* |
Mitigation
No Fix Planned
|
References
11 references
| URL | Category |
|---|---|
| https://cert-portal.siemens.com/productcert/csaf/… | self |
| https://cert-portal.siemens.com/productcert/txt/s… | self |
| https://cert-portal.siemens.com/productcert/pdf/s… | self |
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-… | external |
| https://www.cisa.gov/resources-tools/resources/ic… | external |
| https://www.cisa.gov/topics/industrial-control-systems | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://www.cisa.gov/sites/default/files/publicat… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities were identified in the Apache HTTP Server software. These include NULL Pointer Dereferencing, Out-of-bounds Write and Server-Side Request Forgery related vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-685781: Multiple Vulnerabilities in Apache HTTP Server Affecting Siemens Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-685781.json"
},
{
"category": "self",
"summary": "SSA-685781: Multiple Vulnerabilities in Apache HTTP Server Affecting Siemens Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-685781.txt"
},
{
"category": "self",
"summary": "SSA-685781: Multiple Vulnerabilities in Apache HTTP Server Affecting Siemens Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-167-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-167-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-167-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-167-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Apache HTTP Server",
"tracking": {
"current_release_date": "2022-10-11T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-167-06",
"initial_release_date": "2022-06-14T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-06-14T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-10-11T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for SINEC NMS"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "All_versions_when_using_the_device_firmware_upgrade_mechanism",
"product": {
"name": "RUGGEDCOM NMS",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM NMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.0.3",
"product": {
"name": "SINEC NMS",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SINEC NMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.1",
"product": {
"name": "SINEMA Remote Connect Server",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SINEMA Server V14",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SINEMA Server V14"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34798",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict access to the affected systems, especially to port 443/tcp, to trusted IP addresses only",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0.3 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813788/"
},
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811169/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-34798"
},
{
"cve": "CVE-2021-39275",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict access to the affected systems, especially to port 443/tcp, to trusted IP addresses only",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0004"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0.3 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813788/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-39275"
},
{
"cve": "CVE-2021-40438",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "summary",
"text": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Restrict access to the affected systems, especially to port 443/tcp, to trusted IP addresses only",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0004"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V1.0.3 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109813788/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-40438"
}
]
}
MSRC_CVE-2021-39275
Vulnerability from csaf_microsoft - Published: 2021-09-02 00:00 - Updated: 2021-12-16 00:00Summary
ap_escape_quotes buffer overflow
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
9.8 (Critical)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 16886-16820 | — | ||
| Unresolved product id: 17030-17086 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-39275 ap_escape_quotes buffer overflow - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-39275.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "ap_escape_quotes buffer overflow",
"tracking": {
"current_release_date": "2021-12-16T00:00:00.000Z",
"generator": {
"date": "2026-01-03T09:28:40.717Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-39275",
"initial_release_date": "2021-09-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-10-01T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2021-12-16T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added httpd to CBL-Mariner 2.0"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 httpd 2.4.49-1",
"product": {
"name": "\u003ccm1 httpd 2.4.49-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cm1 httpd 2.4.49-1",
"product": {
"name": "cm1 httpd 2.4.49-1",
"product_id": "16886"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 httpd 2.4.52-1",
"product": {
"name": "\u003ccbl2 httpd 2.4.52-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 httpd 2.4.52-1",
"product": {
"name": "cbl2 httpd 2.4.52-1",
"product_id": "17030"
}
}
],
"category": "product_name",
"name": "httpd"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 httpd 2.4.49-1 as a component of CBL Mariner 1.0",
"product_id": "16820-2"
},
"product_reference": "2",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 httpd 2.4.49-1 as a component of CBL Mariner 1.0",
"product_id": "16886-16820"
},
"product_reference": "16886",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 httpd 2.4.52-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 httpd 2.4.52-1 as a component of CBL Mariner 2.0",
"product_id": "17030-17086"
},
"product_reference": "17030",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-39275",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "general",
"text": "apache",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16886-16820",
"17030-17086"
],
"known_affected": [
"16820-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-39275 ap_escape_quotes buffer overflow - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-39275.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-10-01T00:00:00.000Z",
"details": "2.4.49-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2021-10-01T00:00:00.000Z",
"details": "2.4.52-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-2",
"17086-1"
]
}
],
"title": "ap_escape_quotes buffer overflow"
}
]
}
OPENSUSE-SU-2021:1438-1
Vulnerability from csaf_opensuse - Published: 2021-11-02 11:51 - Updated: 2021-11-02 11:51Summary
Security update for apache2
Severity
Important
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames: openSUSE-2021-1438
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1190666 | self |
| https://bugzilla.suse.com/1190669 | self |
| https://bugzilla.suse.com/1190702 | self |
| https://bugzilla.suse.com/1190703 | self |
| https://www.suse.com/security/cve/CVE-2021-34798/ | self |
| https://www.suse.com/security/cve/CVE-2021-36160/ | self |
| https://www.suse.com/security/cve/CVE-2021-39275/ | self |
| https://www.suse.com/security/cve/CVE-2021-40438/ | self |
| https://www.suse.com/security/cve/CVE-2021-34798 | external |
| https://bugzilla.suse.com/1190669 | external |
| https://bugzilla.suse.com/1191297 | external |
| https://www.suse.com/security/cve/CVE-2021-36160 | external |
| https://bugzilla.suse.com/1190702 | external |
| https://www.suse.com/security/cve/CVE-2021-39275 | external |
| https://bugzilla.suse.com/1190666 | external |
| https://www.suse.com/security/cve/CVE-2021-40438 | external |
| https://bugzilla.suse.com/1190703 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)\n- CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702)\n- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)\n- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1438",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1438-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1438-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H4TEWXB67RJ5IPKHZI6FBQ67CJEHGI3B/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1438-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H4TEWXB67RJ5IPKHZI6FBQ67CJEHGI3B/"
},
{
"category": "self",
"summary": "SUSE Bug 1190666",
"url": "https://bugzilla.suse.com/1190666"
},
{
"category": "self",
"summary": "SUSE Bug 1190669",
"url": "https://bugzilla.suse.com/1190669"
},
{
"category": "self",
"summary": "SUSE Bug 1190702",
"url": "https://bugzilla.suse.com/1190702"
},
{
"category": "self",
"summary": "SUSE Bug 1190703",
"url": "https://bugzilla.suse.com/1190703"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34798 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36160 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39275 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40438 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40438/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2021-11-02T11:51:52Z",
"generator": {
"date": "2021-11-02T11:51:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1438-1",
"initial_release_date": "2021-11-02T11:51:52Z",
"revision_history": [
{
"date": "2021-11-02T11:51:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-lp152.2.21.1.i586",
"product": {
"name": "apache2-2.4.43-lp152.2.21.1.i586",
"product_id": "apache2-2.4.43-lp152.2.21.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-lp152.2.21.1.i586",
"product": {
"name": "apache2-devel-2.4.43-lp152.2.21.1.i586",
"product_id": "apache2-devel-2.4.43-lp152.2.21.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-lp152.2.21.1.i586",
"product": {
"name": "apache2-event-2.4.43-lp152.2.21.1.i586",
"product_id": "apache2-event-2.4.43-lp152.2.21.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"product": {
"name": "apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"product_id": "apache2-example-pages-2.4.43-lp152.2.21.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-lp152.2.21.1.i586",
"product": {
"name": "apache2-prefork-2.4.43-lp152.2.21.1.i586",
"product_id": "apache2-prefork-2.4.43-lp152.2.21.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-lp152.2.21.1.i586",
"product": {
"name": "apache2-utils-2.4.43-lp152.2.21.1.i586",
"product_id": "apache2-utils-2.4.43-lp152.2.21.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-lp152.2.21.1.i586",
"product": {
"name": "apache2-worker-2.4.43-lp152.2.21.1.i586",
"product_id": "apache2-worker-2.4.43-lp152.2.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.43-lp152.2.21.1.noarch",
"product": {
"name": "apache2-doc-2.4.43-lp152.2.21.1.noarch",
"product_id": "apache2-doc-2.4.43-lp152.2.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-lp152.2.21.1.x86_64",
"product": {
"name": "apache2-2.4.43-lp152.2.21.1.x86_64",
"product_id": "apache2-2.4.43-lp152.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"product": {
"name": "apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"product_id": "apache2-devel-2.4.43-lp152.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-lp152.2.21.1.x86_64",
"product": {
"name": "apache2-event-2.4.43-lp152.2.21.1.x86_64",
"product_id": "apache2-event-2.4.43-lp152.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"product_id": "apache2-example-pages-2.4.43-lp152.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"product_id": "apache2-prefork-2.4.43-lp152.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"product": {
"name": "apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"product_id": "apache2-utils-2.4.43-lp152.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-lp152.2.21.1.x86_64",
"product": {
"name": "apache2-worker-2.4.43-lp152.2.21.1.x86_64",
"product_id": "apache2-worker-2.4.43-lp152.2.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-lp152.2.21.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586"
},
"product_reference": "apache2-2.4.43-lp152.2.21.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-lp152.2.21.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64"
},
"product_reference": "apache2-2.4.43-lp152.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-lp152.2.21.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586"
},
"product_reference": "apache2-devel-2.4.43-lp152.2.21.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-lp152.2.21.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64"
},
"product_reference": "apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.43-lp152.2.21.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch"
},
"product_reference": "apache2-doc-2.4.43-lp152.2.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-lp152.2.21.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586"
},
"product_reference": "apache2-event-2.4.43-lp152.2.21.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-lp152.2.21.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64"
},
"product_reference": "apache2-event-2.4.43-lp152.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-lp152.2.21.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586"
},
"product_reference": "apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-lp152.2.21.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-lp152.2.21.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586"
},
"product_reference": "apache2-prefork-2.4.43-lp152.2.21.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-lp152.2.21.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-lp152.2.21.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586"
},
"product_reference": "apache2-utils-2.4.43-lp152.2.21.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-lp152.2.21.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64"
},
"product_reference": "apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-lp152.2.21.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586"
},
"product_reference": "apache2-worker-2.4.43-lp152.2.21.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-lp152.2.21.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
},
"product_reference": "apache2-worker-2.4.43-lp152.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34798"
}
],
"notes": [
{
"category": "general",
"text": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34798",
"url": "https://www.suse.com/security/cve/CVE-2021-34798"
},
{
"category": "external",
"summary": "SUSE Bug 1190669 for CVE-2021-34798",
"url": "https://bugzilla.suse.com/1190669"
},
{
"category": "external",
"summary": "SUSE Bug 1191297 for CVE-2021-34798",
"url": "https://bugzilla.suse.com/1191297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-02T11:51:52Z",
"details": "important"
}
],
"title": "CVE-2021-34798"
},
{
"cve": "CVE-2021-36160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36160"
}
],
"notes": [
{
"category": "general",
"text": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36160",
"url": "https://www.suse.com/security/cve/CVE-2021-36160"
},
{
"category": "external",
"summary": "SUSE Bug 1190702 for CVE-2021-36160",
"url": "https://bugzilla.suse.com/1190702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-02T11:51:52Z",
"details": "important"
}
],
"title": "CVE-2021-36160"
},
{
"cve": "CVE-2021-39275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39275"
}
],
"notes": [
{
"category": "general",
"text": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39275",
"url": "https://www.suse.com/security/cve/CVE-2021-39275"
},
{
"category": "external",
"summary": "SUSE Bug 1190666 for CVE-2021-39275",
"url": "https://bugzilla.suse.com/1190666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-02T11:51:52Z",
"details": "important"
}
],
"title": "CVE-2021-39275"
},
{
"cve": "CVE-2021-40438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40438"
}
],
"notes": [
{
"category": "general",
"text": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40438",
"url": "https://www.suse.com/security/cve/CVE-2021-40438"
},
{
"category": "external",
"summary": "SUSE Bug 1190703 for CVE-2021-40438",
"url": "https://bugzilla.suse.com/1190703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-devel-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-doc-2.4.43-lp152.2.21.1.noarch",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-event-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-example-pages-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-prefork-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-utils-2.4.43-lp152.2.21.1.x86_64",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.i586",
"openSUSE Leap 15.2:apache2-worker-2.4.43-lp152.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-02T11:51:52Z",
"details": "important"
}
],
"title": "CVE-2021-40438"
}
]
}
OPENSUSE-SU-2021:3522-1
Vulnerability from csaf_opensuse - Published: 2021-10-26 13:40 - Updated: 2021-10-26 13:40Summary
Security update for apache2
Severity
Important
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
Patchnames: openSUSE-SLE-15.3-2021-3522
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1190666 | self |
| https://bugzilla.suse.com/1190669 | self |
| https://bugzilla.suse.com/1190702 | self |
| https://bugzilla.suse.com/1190703 | self |
| https://www.suse.com/security/cve/CVE-2021-34798/ | self |
| https://www.suse.com/security/cve/CVE-2021-36160/ | self |
| https://www.suse.com/security/cve/CVE-2021-39275/ | self |
| https://www.suse.com/security/cve/CVE-2021-40438/ | self |
| https://www.suse.com/security/cve/CVE-2021-34798 | external |
| https://bugzilla.suse.com/1190669 | external |
| https://bugzilla.suse.com/1191297 | external |
| https://www.suse.com/security/cve/CVE-2021-36160 | external |
| https://bugzilla.suse.com/1190702 | external |
| https://www.suse.com/security/cve/CVE-2021-39275 | external |
| https://bugzilla.suse.com/1190666 | external |
| https://www.suse.com/security/cve/CVE-2021-40438 | external |
| https://bugzilla.suse.com/1190703 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n- CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)\n- CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702)\n- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)\n- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-3522",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_3522-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:3522-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JKKOECDBM5767TKS4AX32R26YLJDYTJT/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:3522-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JKKOECDBM5767TKS4AX32R26YLJDYTJT/"
},
{
"category": "self",
"summary": "SUSE Bug 1190666",
"url": "https://bugzilla.suse.com/1190666"
},
{
"category": "self",
"summary": "SUSE Bug 1190669",
"url": "https://bugzilla.suse.com/1190669"
},
{
"category": "self",
"summary": "SUSE Bug 1190702",
"url": "https://bugzilla.suse.com/1190702"
},
{
"category": "self",
"summary": "SUSE Bug 1190703",
"url": "https://bugzilla.suse.com/1190703"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34798 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36160 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39275 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40438 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40438/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2021-10-26T13:40:11Z",
"generator": {
"date": "2021-10-26T13:40:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:3522-1",
"initial_release_date": "2021-10-26T13:40:11Z",
"revision_history": [
{
"date": "2021-10-26T13:40:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-3.32.1.aarch64",
"product": {
"name": "apache2-2.4.43-3.32.1.aarch64",
"product_id": "apache2-2.4.43-3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-3.32.1.aarch64",
"product": {
"name": "apache2-devel-2.4.43-3.32.1.aarch64",
"product_id": "apache2-devel-2.4.43-3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-3.32.1.aarch64",
"product": {
"name": "apache2-event-2.4.43-3.32.1.aarch64",
"product_id": "apache2-event-2.4.43-3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-3.32.1.aarch64",
"product": {
"name": "apache2-example-pages-2.4.43-3.32.1.aarch64",
"product_id": "apache2-example-pages-2.4.43-3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-3.32.1.aarch64",
"product": {
"name": "apache2-prefork-2.4.43-3.32.1.aarch64",
"product_id": "apache2-prefork-2.4.43-3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-3.32.1.aarch64",
"product": {
"name": "apache2-utils-2.4.43-3.32.1.aarch64",
"product_id": "apache2-utils-2.4.43-3.32.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-3.32.1.aarch64",
"product": {
"name": "apache2-worker-2.4.43-3.32.1.aarch64",
"product_id": "apache2-worker-2.4.43-3.32.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.43-3.32.1.noarch",
"product": {
"name": "apache2-doc-2.4.43-3.32.1.noarch",
"product_id": "apache2-doc-2.4.43-3.32.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-3.32.1.ppc64le",
"product": {
"name": "apache2-2.4.43-3.32.1.ppc64le",
"product_id": "apache2-2.4.43-3.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-3.32.1.ppc64le",
"product": {
"name": "apache2-devel-2.4.43-3.32.1.ppc64le",
"product_id": "apache2-devel-2.4.43-3.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-3.32.1.ppc64le",
"product": {
"name": "apache2-event-2.4.43-3.32.1.ppc64le",
"product_id": "apache2-event-2.4.43-3.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-3.32.1.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.43-3.32.1.ppc64le",
"product_id": "apache2-example-pages-2.4.43-3.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-3.32.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.43-3.32.1.ppc64le",
"product_id": "apache2-prefork-2.4.43-3.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-3.32.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.43-3.32.1.ppc64le",
"product_id": "apache2-utils-2.4.43-3.32.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-3.32.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.43-3.32.1.ppc64le",
"product_id": "apache2-worker-2.4.43-3.32.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-3.32.1.s390x",
"product": {
"name": "apache2-2.4.43-3.32.1.s390x",
"product_id": "apache2-2.4.43-3.32.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-3.32.1.s390x",
"product": {
"name": "apache2-devel-2.4.43-3.32.1.s390x",
"product_id": "apache2-devel-2.4.43-3.32.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-3.32.1.s390x",
"product": {
"name": "apache2-event-2.4.43-3.32.1.s390x",
"product_id": "apache2-event-2.4.43-3.32.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-3.32.1.s390x",
"product": {
"name": "apache2-example-pages-2.4.43-3.32.1.s390x",
"product_id": "apache2-example-pages-2.4.43-3.32.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-3.32.1.s390x",
"product": {
"name": "apache2-prefork-2.4.43-3.32.1.s390x",
"product_id": "apache2-prefork-2.4.43-3.32.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-3.32.1.s390x",
"product": {
"name": "apache2-utils-2.4.43-3.32.1.s390x",
"product_id": "apache2-utils-2.4.43-3.32.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-3.32.1.s390x",
"product": {
"name": "apache2-worker-2.4.43-3.32.1.s390x",
"product_id": "apache2-worker-2.4.43-3.32.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.43-3.32.1.x86_64",
"product": {
"name": "apache2-2.4.43-3.32.1.x86_64",
"product_id": "apache2-2.4.43-3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.43-3.32.1.x86_64",
"product": {
"name": "apache2-devel-2.4.43-3.32.1.x86_64",
"product_id": "apache2-devel-2.4.43-3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-event-2.4.43-3.32.1.x86_64",
"product": {
"name": "apache2-event-2.4.43-3.32.1.x86_64",
"product_id": "apache2-event-2.4.43-3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.43-3.32.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.43-3.32.1.x86_64",
"product_id": "apache2-example-pages-2.4.43-3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.43-3.32.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.43-3.32.1.x86_64",
"product_id": "apache2-prefork-2.4.43-3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.43-3.32.1.x86_64",
"product": {
"name": "apache2-utils-2.4.43-3.32.1.x86_64",
"product_id": "apache2-utils-2.4.43-3.32.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.43-3.32.1.x86_64",
"product": {
"name": "apache2-worker-2.4.43-3.32.1.x86_64",
"product_id": "apache2-worker-2.4.43-3.32.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64"
},
"product_reference": "apache2-2.4.43-3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-3.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le"
},
"product_reference": "apache2-2.4.43-3.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-3.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x"
},
"product_reference": "apache2-2.4.43-3.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.43-3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64"
},
"product_reference": "apache2-2.4.43-3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64"
},
"product_reference": "apache2-devel-2.4.43-3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-3.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le"
},
"product_reference": "apache2-devel-2.4.43-3.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-3.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x"
},
"product_reference": "apache2-devel-2.4.43-3.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.43-3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64"
},
"product_reference": "apache2-devel-2.4.43-3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.43-3.32.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch"
},
"product_reference": "apache2-doc-2.4.43-3.32.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64"
},
"product_reference": "apache2-event-2.4.43-3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-3.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le"
},
"product_reference": "apache2-event-2.4.43-3.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-3.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x"
},
"product_reference": "apache2-event-2.4.43-3.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-event-2.4.43-3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64"
},
"product_reference": "apache2-event-2.4.43-3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64"
},
"product_reference": "apache2-example-pages-2.4.43-3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-3.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.43-3.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-3.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.43-3.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.43-3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.43-3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64"
},
"product_reference": "apache2-prefork-2.4.43-3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-3.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.43-3.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-3.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x"
},
"product_reference": "apache2-prefork-2.4.43-3.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.43-3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.43-3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64"
},
"product_reference": "apache2-utils-2.4.43-3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-3.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.43-3.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-3.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x"
},
"product_reference": "apache2-utils-2.4.43-3.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.43-3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64"
},
"product_reference": "apache2-utils-2.4.43-3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-3.32.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64"
},
"product_reference": "apache2-worker-2.4.43-3.32.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-3.32.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.43-3.32.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-3.32.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x"
},
"product_reference": "apache2-worker-2.4.43-3.32.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.43-3.32.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
},
"product_reference": "apache2-worker-2.4.43-3.32.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34798"
}
],
"notes": [
{
"category": "general",
"text": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34798",
"url": "https://www.suse.com/security/cve/CVE-2021-34798"
},
{
"category": "external",
"summary": "SUSE Bug 1190669 for CVE-2021-34798",
"url": "https://bugzilla.suse.com/1190669"
},
{
"category": "external",
"summary": "SUSE Bug 1191297 for CVE-2021-34798",
"url": "https://bugzilla.suse.com/1191297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-26T13:40:11Z",
"details": "important"
}
],
"title": "CVE-2021-34798"
},
{
"cve": "CVE-2021-36160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36160"
}
],
"notes": [
{
"category": "general",
"text": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36160",
"url": "https://www.suse.com/security/cve/CVE-2021-36160"
},
{
"category": "external",
"summary": "SUSE Bug 1190702 for CVE-2021-36160",
"url": "https://bugzilla.suse.com/1190702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-26T13:40:11Z",
"details": "important"
}
],
"title": "CVE-2021-36160"
},
{
"cve": "CVE-2021-39275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39275"
}
],
"notes": [
{
"category": "general",
"text": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39275",
"url": "https://www.suse.com/security/cve/CVE-2021-39275"
},
{
"category": "external",
"summary": "SUSE Bug 1190666 for CVE-2021-39275",
"url": "https://bugzilla.suse.com/1190666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-26T13:40:11Z",
"details": "important"
}
],
"title": "CVE-2021-39275"
},
{
"cve": "CVE-2021-40438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40438"
}
],
"notes": [
{
"category": "general",
"text": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40438",
"url": "https://www.suse.com/security/cve/CVE-2021-40438"
},
{
"category": "external",
"summary": "SUSE Bug 1190703 for CVE-2021-40438",
"url": "https://bugzilla.suse.com/1190703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-devel-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-doc-2.4.43-3.32.1.noarch",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-event-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-example-pages-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-prefork-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-utils-2.4.43-3.32.1.x86_64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.aarch64",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.ppc64le",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.s390x",
"openSUSE Leap 15.3:apache2-worker-2.4.43-3.32.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-26T13:40:11Z",
"details": "important"
}
],
"title": "CVE-2021-40438"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…