CVE-2021-26691 vulnerability in Canonical and Other Products
Published on June 10, 2021
Apache HTTP Server mod_session response handling heap overflow
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2021-26691
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-26691 are published in these products:
Affected Versions
Apache Software Foundation Apache HTTP Server:- Version 2.4.46 is affected.
- Version 2.4.43 is affected.
- Version 2.4.41 is affected.
- Version 2.4.39 is affected.
- Version 2.4.38 is affected.
- Version 2.4.37 is affected.
- Version 2.4.35 is affected.
- Version 2.4.34 is affected.
- Version 2.4.33 is affected.
- Version 2.4.29 is affected.
- Version 2.4.28 is affected.
- Version 2.4.27 is affected.
- Version 2.4.26 is affected.
- Version 2.4.25 is affected.
- Version 2.4.23 is affected.
- Version 2.4.20 is affected.
- Version 2.4.18 is affected.
- Version 2.4.17 is affected.
- Version 2.4.16 is affected.
- Version 2.4.12 is affected.
- Version 2.4.10 is affected.
- Version 2.4.9 is affected.
- Version 2.4.7 is affected.
- Version 2.4.6 is affected.
- Version 2.4.4 is affected.
- Version 2.4.3 is affected.
- Version 2.4.2 is affected.
- Version 2.4.1 is affected.
- Version 2.4.0 is affected.
Exploit Probability
EPSS
40.36%
Percentile
97.30%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.