Apache CVE : CVE-2021-41524

Posted: 2021/10/08 05:13:21
by somaraz
Hi Team,

I got an alert for CVE-2021-41524 on Apache running below Apache 2.4.49.
Currently I have httpd-2.4.6-97.el7.centos.x86_64 but I don't see any update available yet.

Am I safe with httpd-2.4.6-97.el7.centos.x86_64?

Thanks,

Re: Apache CVE : CVE-2021-41524

Posted: 2021/10/08 05:20:34
by larwood
My understanding is the vulnerabilities only affect versions 2.4.49 & 2.4.50. You should not be affected with 2.4.6.

https://www.cyber.gov.au/acsc/view-all- ... ttp-server
https://httpd.apache.org/security/vulne ... es_24.html

Re: Apache CVE : CVE-2021-41524

Posted: 2021/10/08 08:10:37
by TrevorH
The bug was introduced in 2.4.49 which was only released on Sept 16th 2021.

Re: Apache CVE : CVE-2021-41524

Posted: 2021/10/08 08:22:49
by jlehtone
https://access.redhat.com/security/cve/cve-2021-41524 says (about RHEL 7 and hence CL7): "Not affected"
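
The version reasoning used in this thread, as an added example that is not part of any post: it extracts the upstream version from the RPM string quoted in the question and compares it numerically with 2.4.49, the release the thread says introduced the bug. The function names and the second, 2.4.49 package string are constructed for illustration.

```python
import re

# From the thread: the bug was introduced in upstream httpd 2.4.49.
INTRODUCED_IN = (2, 4, 49)

# Architecture suffixes stripped before splitting (assumed list, extend as needed).
ARCH_SUFFIX = re.compile(r"\.(x86_64|i686|aarch64|ppc64le|s390x|noarch)$")


def upstream_version(nvra):
    """Return the upstream version of an RPM name-version-release.arch string
    as a tuple of ints, e.g. 'httpd-2.4.6-97.el7.centos.x86_64' -> (2, 4, 6)."""
    stem = ARCH_SUFFIX.sub("", nvra)
    # Split from the right: the package name may itself contain hyphens,
    # the version and release fields may not.
    parts = stem.rsplit("-", 2)
    if len(parts) != 3:
        raise ValueError("not a name-version-release string: %r" % nvra)
    version = parts[1]
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError("non-numeric upstream version: %r" % version)
    return tuple(int(field) for field in version.split("."))


def predates_introduction(nvra, introduced_in=INTRODUCED_IN):
    """True when the build is older than the release that introduced the bug."""
    return upstream_version(nvra) < introduced_in


def naive_string_check(version, introduced="2.4.49"):
    """The comparison to avoid: as text, '2.4.6' sorts after '2.4.49'
    because '6' > '4', so the old build looks newer than 2.4.49."""
    return version < introduced


if __name__ == "__main__":
    samples = [
        "httpd-2.4.6-97.el7.centos.x86_64",  # package from the question
        "httpd-2.4.49-1.el8.x86_64",         # constructed sample
    ]
    for pkg in samples:
        print(pkg, upstream_version(pkg), predates_introduction(pkg))
    print("string compare says 2.4.6 < 2.4.49:", naive_string_check("2.4.6"))
```

This only answers whether a build predates the release that introduced the bug. For a build at or above that version, the upstream number does not show vendor backports, so the vendor's CVE page is the place to check.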