Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 21.04 USN-5090-1 Severe: Apache HTTP Server Denial of Service

ubuntu
Calendar Grey September 27, 2021
Dist Ubuntu Esm H88
Multiple vulnerabilities addressed in Apache HTTP Server were resolved with Ubuntu Security Notice USN-5090-1 on September 27, 2021.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

James Kettle discovered that the Apache HTTP Server HTTP/2 module

incorrectly handled certain crafted methods. A remote attacker could

possibly use this issue to perform request splitting or cache poisoning

attacks. (CVE-2021-33193)

It was discovered that the Apache HTTP Server incorrectly handled certain

malformed requests. A remote attacker could possibly use this issue to

cause the server to crash, resulting in a denial of service.

(CVE-2021-34798)

Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly

handled certain request uri-paths. A remote attacker could possibly use

this issue to cause the server to crash, resulting in a denial of service.

This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04.

(CVE-2021-36160)

It was discovered that the Apache HTTP Server incorrectly handled escaping

quotes. If the ser...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  apache2                         2.4.46-4ubuntu1.2
  apache2-bin                     2.4.46-4ubuntu1.2

Ubuntu 20.04 LTS:
  apache2                         2.4.41-4ubuntu3.5
  apache2-bin                     2.4.41-4ubuntu3.5

Ubuntu 18.04 LTS:
  apache2                         2.4.29-1ubuntu4.17
  apache2-bin                     2.4.29-1ubuntu4.17

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5090-1

CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275,

CVE-2021-40438

Severity
critical
Lowest
Low
Medium
High
Critical

September 27, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.