CVE-2021-39275

Public on 2021-10-15
Modified on 2021-10-15
Description
An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function.
Severity
Medium
CVSS v3 Base Score
8.1
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 httpd 2021-10-15 07:57 ALAS2-2021-1716
Amazon Linux 1 httpd24 2021-10-15 07:52 ALAS-2021-1543

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
NVD CVSSv3 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H