CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.066

EPSS Ranking 90.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2021-41524

Apache » Http Server » Version: 2.4.49

cpe:2.3:a:apache:http_server:2.4.49
Netapp » Cloud Backup » Version: N/A

cpe:2.3:a:netapp:cloud_backup:-
Oracle » Instantis Enterprisetrack » Version: 17.1

cpe:2.3:a:oracle:instantis_enterprisetrack:17.1
Oracle » Instantis Enterprisetrack » Version: 17.2

cpe:2.3:a:oracle:instantis_enterprisetrack:17.2
Oracle » Instantis Enterprisetrack » Version: 17.3

cpe:2.3:a:oracle:instantis_enterprisetrack:17.3
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34
Fedoraproject » Fedora » Version: 35

cpe:2.3:o:fedoraproject:fedora:35

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41524

Products

Pricing

Contact Us