CVE-2021-30641
published 2021-06-10CVE-2021-30641: Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | 2.4.39 – 2.4.46 | — |
| apache_software_foundation | apache_http_server | — | — |
| apache_software_foundation | apache_http_server | — | — |
| apache_software_foundation | apache_http_server | — | — |
| apache_software_foundation | apache_http_server | — | — |
| debian | apache2 | < apache2 2.4.46-6 (bookworm) | apache2 2.4.46-6 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_httpd_2.4.46-10_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_httpd_2.4.46-5_on_cbl_mariner_1.0 | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | instantis_enterprisetrack | — | — |
| oracle | instantis_enterprisetrack | — | — |
| oracle | instantis_enterprisetrack | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv7.5HIGH