CVE-2021-26691

CVE-2021-26691: Apache HTTP Server mod_session response handling heap overflow

Vendor Apache Software Foundation
Product Apache HTTP Server
Weakness CWE-122
Published June 10, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow

Key dates

Disclosure timeline

June 10, 2021 CVE published
August 3, 2024 Record updated