{
  "threat_severity" : "Moderate",
  "public_date" : "2021-09-16T00:00:00Z",
  "bugzilla" : {
    "description" : "httpd: NULL pointer dereference via malformed requests",
    "id" : "2005128",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2005128"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.", "A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability." ],
  "affected_release" : [ {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-apr-0:1.6.3-107.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-apr-util-0:1.6.1-84.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-curl-0:7.78.0-2.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-httpd-0:2.4.37-78.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_http2-0:1.15.7-21.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_md-1:2.0.8-40.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_security-0:2.9.2-67.GA.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-nghttp2-0:1.39.2-39.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-openssl-1:1.1.1g-8.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-openssl-chil-0:1.0.0-7.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-apr-0:1.6.3-107.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-apr-util-0:1.6.1-84.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-curl-0:7.78.0-2.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-httpd-0:2.4.37-78.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_cluster-native-0:1.3.16-9.Final_redhat_2.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_http2-0:1.15.7-21.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_jk-0:1.2.48-20.redhat_1.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_md-1:2.0.8-40.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_security-0:2.9.2-67.GA.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-nghttp2-0:1.39.2-39.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-openssl-1:1.1.1g-8.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-openssl-chil-0:1.0.0-7.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4614",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-openssl-pkcs11-0:0.4.10-22.jbcs.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-01-17T00:00:00Z",
    "advisory" : "RHSA-2022:0143",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "httpd-0:2.4.6-97.el7_9.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-15T00:00:00Z",
    "advisory" : "RHSA-2022:0891",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "httpd:2.4-8050020220228164203.c5368500"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2022-09-29T00:00:00Z",
    "advisory" : "RHSA-2022:6753",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "httpd24-httpd-0:2.4.34-23.el7.5"
  }, {
    "product_name" : "Text-Only JBCS",
    "release_date" : "2021-11-10T00:00:00Z",
    "advisory" : "RHSA-2021:4613",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "httpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "httpd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 6",
    "fix_state" : "Out of support scope",
    "package_name" : "httpd",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-34798\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-34798\nhttps://httpd.apache.org/security/vulnerabilities_24.html" ],
  "name" : "CVE-2021-34798",
  "mitigation" : {
    "value" : "Red Hat has investigated whether a mitigation exists for this issue and has not been able to identify a practical one.",
    "lang" : "en:us"
  },
  "csaw" : false
}