Bug 65765 - Apache found critical bugs in httpd web server
Summary: Apache found critical bugs in httpd web server
Status: RESOLVED INFORMATIONPROVIDED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: All (show other bugs)
Version: 2.4.51
Hardware: PC All
: P2 critical (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-24 02:39 UTC by chikin.wong
Modified: 2023-02-23 10:57 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description chikin.wong 2021-12-24 02:39:11 UTC 
Hi Team 

    We read through the following new that Apache httpd is having some vulnerability 
https://cybernews.com/news/apache-found-critical-bugs-in-httpd-web-server/
    We used apache 2.4.39 and apache 2.4.51 in our current environment for proxy purpose. May I know those reported vulnerability will affect our current apache version ? Please advise 

Best Regards
CK
Comment 2 WJCarpenter 2021-12-28 20:19:17 UTC 
For CVE-2021-44224, does "configurations mixing forward and reverse proxy declarations" mean ProxyPass/ProxyPassReverse combinations, or does it mean "ProxyRequests on, plus some other stuff". I think it probably means the latter, but just checking.
Comment 3 Ruediger Pluem 2022-01-07 10:51:06 UTC 
(In reply to WJCarpenter from comment #2)
> For CVE-2021-44224, does "configurations mixing forward and reverse proxy
> declarations" mean ProxyPass/ProxyPassReverse combinations, or does it mean
> "ProxyRequests on, plus some other stuff". I think it probably means the
> latter, but just checking.

The later