Detections
Analytics
CVE-2021-44224
high
Description
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
References
https://support.apple.com/en-us/HT213256
https://support.apple.com/en-us/102770
https://www.tenable.com/blog/oracle-april-2022-critical-patch-update-addresses-221-cves
https://www.tenable.com/security/tns-2022-03
https://www.tenable.com/security/tns-2022-01
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.debian.org/security/2022/dsa-5035
https://support.apple.com/kb/HT213257
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213255
https://security.netapp.com/advisory/ntap-20211224-0001/
https://security.gentoo.org/glsa/202208-20
http://www.openwall.com/lists/oss-security/2021/12/20/3
http://seclists.org/fulldisclosure/2022/May/38
http://seclists.org/fulldisclosure/2022/May/35