Description
Cytrix has detected that the version of the Apache HTTP Server being used is vulnerable to NULL Pointer Dereference. Also known as CVE-2021-34798.
Malformed requests may cause the server to dereference a NULL pointer.
A NULL pointer dereference in the httpd will allow a remote attacker, without authentication, to crash httpd by providing malformed HTTP requests.
This will greatly impact the system’s availability.
Severity/Score
CVSS Version 3.x – 7.5 High
Recommendation
To fix CVE-2021-34798, update the version of the Apache HTTP Server being used to 2.4.49 or higher.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
https://cwe.mitre.org/data/definitions/476.html