Description

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

Remediation

References

CVE-2021-33193

Related Vulnerabilities

WordPress Plugin Smash Balloon Social Post Feed Unspecified Vulnerability (2.4.2)

WordPress Plugin Login Security Solution Multiple Unspecified Vulnerabilities (0.50.0)

WordPress Plugin Advanced Order Export For WooCommerce CSV Injection (1.5.4)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.10)

MySQL CVE-2018-3073 Vulnerability (CVE-2018-3073)

Severity

High

Classification

CVE-2021-33193 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities