A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.01033}

epss

{'score': 0.01003}


Thu, 01 May 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Debian
Debian debian Linux
CPEs cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Vendors & Products Debian
Debian debian Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-03T23:42:20.253Z

Reserved: 2021-05-19T00:00:00

Link: CVE-2021-33193

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-08-16T08:15:11.480

Modified: 2025-05-01T15:40:12.163

Link: CVE-2021-33193

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-08-05T00:00:00Z

Links: CVE-2021-33193 - Bugzilla

cve-icon OpenCVE Enrichment

No data.