CVE-2021-44790
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Affected products
Apache Software Foundation · Apache HTTP Server
Public PoCs found: 3
github · github.com/nuPacaChi/-CVE-2021-44790 · ★ 4
cve_reference · packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html · unverified
exploitdb · www.exploit-db.com/exploits/51193 · unverified
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://httpd.apache.org/security/vulnerabilities_24.html
http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://security.gentoo.org/glsa/202208-20
https://security.netapp.com/advisory/ntap-20211224-0001/
https://support.apple.com/kb/HT213255