
VULNERABILITY:

A carefully crafted request targeting the mod_lua multipart parser can cause a buffer overflow (CVE-2021-44790).

DESCRIPTION/IMPACT:

While the Apache Software Foundation has not yet identified an active exploit for this vulnerability, it has advised that one may be possible to craft. The vulnerability affects Apache HTTP Server versions 2.4.51 and lower and carries a risk rating of 9.8 (critical); successful exploitation results in a buffer overflow.

MITIGATION:

Upgrade to Apache HTTP Server version 2.4.52.
On servers that cannot obtain the fix from updated upstream repositories, disable mod_lua (if it is not required) by performing the following steps:

Further information can be found here:

https://nvd.nist.gov/vuln/detail/CVE-2021-44224
https://access.redhat.com/security/cve/cve-2021-44790
https://ubuntu.com/security/CVE-2021-44790
https://security-tracker.debian.org/tracker/CVE-2021-44790
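The two checks the mitigation above depends on, whether the running build is at or above the fixed release and whether mod_lua is loaded, as an added example that is not part of the Pentesec advisory and not Apache's own tooling. The script reads the text that `apachectl -v` and `apachectl -M` print, compares the reported version with 2.4.52 and looks for `lua_module` in the module list. The `SAMPLE_*` strings are constructed so the script runs offline, and the function names `version_ge`, `httpd_version`, `mod_lua_loaded` and `assess` are this example's own.

```shell
#!/bin/sh
# Added example, not part of the Pentesec advisory or of Apache httpd:
# classify a host's exposure to the mod_lua bug fixed in 2.4.52 from the
# output of `apachectl -v` and `apachectl -M`. SAMPLE_* values below are
# constructed; only the commented-out call at the end assumes a live host.

FIXED_VERSION="2.4.52"

# version_ge A B: succeed (exit 0) when dotted version A is >= B, comparing
# major, minor and patch numerically; a missing component counts as 0.
version_ge() {
    a1=$(printf '%s\n' "$1" | cut -d. -f1); b1=$(printf '%s\n' "$2" | cut -d. -f1)
    a2=$(printf '%s\n' "$1" | cut -d. -f2); b2=$(printf '%s\n' "$2" | cut -d. -f2)
    a3=$(printf '%s\n' "$1" | cut -d. -f3); b3=$(printf '%s\n' "$2" | cut -d. -f3)
    a1=${a1:-0}; a2=${a2:-0}; a3=${a3:-0}
    b1=${b1:-0}; b2=${b2:-0}; b3=${b3:-0}
    [ "$a1" -gt "$b1" ] && return 0
    [ "$a1" -lt "$b1" ] && return 1
    [ "$a2" -gt "$b2" ] && return 0
    [ "$a2" -lt "$b2" ] && return 1
    [ "$a3" -ge "$b3" ]
}

# httpd_version TEXT: extract "2.4.51" from a "Server version: Apache/2.4.51 (Unix)"
# line as printed by `apachectl -v` / `httpd -v`; prints nothing if absent.
httpd_version() {
    printf '%s\n' "$1" | sed -n 's/^Server version: Apache\/\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# mod_lua_loaded TEXT: succeed when the `apachectl -M` listing contains lua_module.
mod_lua_loaded() {
    printf '%s\n' "$1" | grep -q '^ *lua_module '
}

# assess VERSION_TEXT MODULES_TEXT: print one of
#   PATCHED    - version is 2.4.52 or later
#   VULNERABLE - older version and mod_lua is loaded
#   MITIGATED  - older version but mod_lua is not loaded
#   UNKNOWN    - version could not be parsed
assess() {
    v=$(httpd_version "$1")
    if [ -z "$v" ]; then
        echo UNKNOWN
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo PATCHED
    elif mod_lua_loaded "$2"; then
        echo VULNERABLE
    else
        echo MITIGATED
    fi
}

# Constructed sample output for an unpatched host with mod_lua enabled.
SAMPLE_V='Server version: Apache/2.4.51 (Unix)
Server built:   Oct  7 2021 12:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 so_module (static)
 lua_module (shared)
 mpm_event_module (shared)'
# Constructed sample module list for a host that has mod_lua disabled.
SAMPLE_M_NOLUA='Loaded Modules:
 core_module (static)
 so_module (static)
 mpm_event_module (shared)'

echo "sample host (mod_lua enabled):  $(assess "$SAMPLE_V" "$SAMPLE_M")"
echo "sample host (mod_lua disabled): $(assess "$SAMPLE_V" "$SAMPLE_M_NOLUA")"
# On a real host (assumes apachectl is on PATH and the config parses):
#   assess "$(apachectl -v 2>/dev/null)" "$(apachectl -M 2>/dev/null)"
```

`apachectl -M` lists only the modules the current configuration actually loads, so a mod_lua package that is installed but not loaded reports MITIGATED, which matches the advisory's fallback. The version check is a first approximation: a distribution that later backports the fix keeps the older version string, so a PATCHED/VULNERABLE verdict should be confirmed against the distribution's own advisory linked above.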

Pentesec Summary:

This update carries a Critical CVSS score of 9.8. We highly recommend that our customers patch their Apache HTTP Server to 2.4.52 immediately to mitigate the risk, or disable mod_lua as described above if they are not using current and updated upstream repositories, as no backported fix had been released at the time of this update.

Pentesec Security Essentials customers are under continuous monitoring for attempted exploitation.

Pentesec MDR customers are protected by the SentinelOne MDR platform, which mitigates exploitation attempts resulting from this CVE.

We are closely monitoring the situation and any further updates will follow.