A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-04T04:17:24.919Z

Reserved: 2021-11-25T00:00:00

Link: CVE-2021-44224

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-12-20T12:15:07.393

Modified: 2024-11-21T06:30:37.133

Link: CVE-2021-44224

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-12-20T00:00:00Z

Links: CVE-2021-44224 - Bugzilla

cve-icon OpenCVE Enrichment

No data.