CVE-2021-39275 vulnerability in Canonical and Other Products
Published on September 16, 2021

ap_escape_quotes buffer overflow

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Timeline

2021-09-16

2.4.49 released

Products Associated with CVE-2021-39275

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-39275 are published in these products:

Canonical Ubuntu Linux

Apache HTTP Server

Fedora Project Fedora

Debian Linux

NetApp Clustered Data Ontap

NetApp Storagegrid

NetApp Cloud Backup

Oracle Instantis Enterprisetrack

Oracle Http Server

Oracle Zfs Storage Appliance Kit

Siemens Sinema Server

Siemens Sinec Nms

Affected Versions

Apache Software Foundation Apache HTTP Server:

Version Apache HTTP Server 2.4, <= 2.4.48 is affected.

Exploit Probability

EPSS

40.03%

Percentile

97.24%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-39275 vulnerability in Canonical and Other ProductsPublished on September 16, 2021

Timeline

Products Associated with CVE-2021-39275

Affected Versions

Exploit Probability

CVE-2021-39275 vulnerability in Canonical and Other Products
Published on September 16, 2021