Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-35940)

Description

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.

Remediation

References

Related Vulnerabilities

Joomla Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2005-4650)

WordPress Plugin Crowd Ideas Cross-Site Scripting (1.0)

LiteSpeed Web Server Out-of-bounds Read Vulnerability (CVE-2004-0112)

PHP Other Vulnerability (CVE-2014-9425)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43559)

Severity

High

Classification

CVE-2021-35940 CWE-125 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities