apache http-server CVE-2021-33193 vulnerability in Apache and Other Products
Published on August 16, 2021

Request splitting via HTTP/2 method injection and mod_proxy

product logo product logo product logo product logo product logo product logo
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Timeline

reported

public 87 days later.


Products Associated with CVE-2021-33193

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-33193 are published in these products:

Apache HTTP Server
 
Canonical Ubuntu Linux
 
Fedora Project Fedora
 
Tenable Sc
 
Oracle Secure Backup
 
Oracle Zfs Storage Appliance Kit
 
Debian Linux
 

Affected Versions

Apache Software Foundation Apache HTTP Server Version Apache HTTP Server 2.4 2.4.17 to 2.4.48 is affected by CVE-2021-33193

Exploit Probability

EPSS
0.92%
Percentile
75.58%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.