CVE-2021-26690 vulnerability in Canonical and Other Products
Published on June 10, 2021
mod_session NULL pointer dereference
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
Products Associated with CVE-2021-26690
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-26690 are published in these products:
Affected Versions
Apache Software Foundation Apache HTTP Server:- Version 2.4.46 is affected.
- Version 2.4.43 is affected.
- Version 2.4.41 is affected.
- Version 2.4.39 is affected.
- Version 2.4.38 is affected.
- Version 2.4.37 is affected.
- Version 2.4.35 is affected.
- Version 2.4.34 is affected.
- Version 2.4.33 is affected.
- Version 2.4.29 is affected.
- Version 2.4.28 is affected.
- Version 2.4.27 is affected.
- Version 2.4.26 is affected.
- Version 2.4.25 is affected.
- Version 2.4.23 is affected.
- Version 2.4.20 is affected.
- Version 2.4.18 is affected.
- Version 2.4.17 is affected.
- Version 2.4.16 is affected.
- Version 2.4.12 is affected.
- Version 2.4.10 is affected.
- Version 2.4.9 is affected.
- Version 2.4.7 is affected.
- Version 2.4.6 is affected.
- Version 2.4.4 is affected.
- Version 2.4.3 is affected.
- Version 2.4.2 is affected.
- Version 2.4.1 is affected.
- Version 2.4.0 is affected.
Exploit Probability
EPSS
63.38%
Percentile
98.37%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.