Description
By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability.
Affected Apache versions (up to 2.2.14 on Windows platform).
Remediation
Upgrade Apache to the latest version.
References
Related Vulnerabilities
Atlassian Jira CVE-2021-39121 Vulnerability (CVE-2021-39121)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4938)
WordPress Plugin My Tickets Cross-Site Request Forgery (1.9.10)
WordPress Plugin WooCommerce Social Login PHP Object Injection (2.6.2)
WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Security Bypass (2.15)