Re: Regarding CVE-2021-40438

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Apache users <users@xxxxxxxxxxxxxxxx>
Subject: Re: Regarding CVE-2021-40438
From: Nick Folino <nick@xxxxxxxxx>
Date: Tue, 19 Oct 2021 06:34:47 -0400
In-reply-to: <CAJr0ceohJiLNg+YO2dS4PfmfHGR6VE7bLa_BgsXxS71nnC4XKg@mail.gmail.com>
Reply-to: users@xxxxxxxxxxxxxxxx

Nobody here is going to tell you how to exploit vulnerabilities.

If you can't figure it out by reading the code then upgrade to the fixed version.

Nick

On Tue, Oct 19, 2021 at 2:49 AM alchemist vk <alchemist.vk@xxxxxxxxx> wrote:

Hi All,
I understand that, CVE-2021-40438 is fixed in httpd release 2.4.50 onwards.
But I would like to know more about, how this issue can be exploitable in prior versions and can I know the commit id/patch details for this issue.

Tried looking into commit details in github apache repo, but couldnt find anything specific to CVE-2021-40438.

Please help me in this regard,

With Regards
Venkatesh

Follow-Ups:
- Re: Regarding CVE-2021-40438
  - From: alchemist vk

References:
- Regarding CVE-2021-40438
  - From: alchemist vk

Prev by Date: Re: Issue with Apache 2.4.51 hanging
Next by Date: How to display the True-Client-IP header in the access log
Previous by thread: Regarding CVE-2021-40438
Next by thread: Re: Regarding CVE-2021-40438
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]