QID 352395
Date Published: 2021-06-24
QID 352395: Amazon Linux Security Advisory for httpd: ALAS2-2021-1659
<DIV ID="issue_overview"> a flaw was found in apache httpd.
The mod_proxy_wstunnel module tunnels non-upgraded connections. (
cve-2019-17567 ) apache http server versions 2.4.0 to 2.4.46 unprivileged local users can stop httpd on windows (cve-2020-13938 ) a flaw was found in apache httpd.
The mod_proxy has a null pointer dereference.
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (
cve-2020-13950 ) a flaw was found in apache httpd.
The mod_auth_digest has a single zero byte stack overflow.
cve-2020-35452 ) a null pointer dereference was found in apache httpd mod_session.
cve-2021-26690 ) a heap overflow flaw was found in apache httpd mod_session.
The highest threat from this vulnerability is to system availability. (
cve-2021-26691 ) a flaw was found in apache httpd.
A possible regression from an earlier security fix broke behavior of mergeslashes.
The highest threat from this vulnerability is to data integrity. (
cve-2021-30641 ) a null pointer de-reference was found in the way httpd handled specially crafted http/2 request.
A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service. (
cve-2021-31618 ) </DIV>
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
- ALAS2-2021-1659 -
alas.aws.amazon.com/AL2/ALAS-2021-1659.html
CVEs related to QID 352395
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2021-1659 | Amazon Linux 2 |
alas.aws.amazon.com/AL2/ALAS-2021-1659.html |