Launchpad CVE tracker

CVE 2021-44224

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

Related bugs and status

CVE-2021-44224 (Candidate) is related to these bugs:

Bug #1832182: systemd unable to detect running apache if invoked via "apache2ctl graceful"

		In	Importance	Status
1832182	systemd unable to detect running apache if invoked via "apache2ctl graceful"	apache2 (Ubuntu)	High	Triaged
1832182	systemd unable to detect running apache if invoked via "apache2ctl graceful"	apache2 (Debian)	Unknown	New
1832182	systemd unable to detect running apache if invoked via "apache2ctl graceful"	apache2 (Ubuntu Groovy)	High	Won't Fix
1832182	systemd unable to detect running apache if invoked via "apache2ctl graceful"	apache2 (Ubuntu Focal)	High	Fix Released
1832182	systemd unable to detect running apache if invoked via "apache2ctl graceful"	apache2 (Ubuntu Bionic)	High	Fix Released
1832182	systemd unable to detect running apache if invoked via "apache2ctl graceful"	apache2 (Ubuntu Xenial)	High	Won't Fix
1832182	systemd unable to detect running apache if invoked via "apache2ctl graceful"	apache2 (Ubuntu Hirsute)	High	Won't Fix
1832182	systemd unable to detect running apache if invoked via "apache2ctl graceful"	apache2 (Ubuntu Jammy)	High	Triaged
1832182	systemd unable to detect running apache if invoked via "apache2ctl graceful"	apache2 (Ubuntu Impish)	High	Won't Fix

Bug #1956386: CVE patch request

Summary				In	Importance	Status
	1956386	CVE patch request		apache2 (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-44224

References