CVE-2021-30641

Severity

53%

Complexity

39%

Confidentiality

23%

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'

CVSS 3.1 Base Score 5.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

First reported 3 years ago

2021-06-10 07:15:00

Last updated 3 years ago

2021-12-02 21:05:00

Affected Software

Apache Software Foundation Apache HTTP Server

Debian Linux 9.0

9.0

Oracle Instantis EnterpriseTrack 17.1

17.1

Oracle Instantis EnterpriseTrack 17.2

17.2

Oracle Instantis EnterpriseTrack 17.3

17.3

References

N/A

N/A

[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json

[httpd-announce] 20210609 CVE-2021-30641: Unexpected URL matching with 'MergeSlashes OFF'

[oss-security] 20210609 CVE-2021-30641: Apache httpd: Unexpected URL matching with 'MergeSlashes OFF'

N/A

Vendor Advisory

N/A

Mailing List, Release Notes, Vendor Advisory

[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json

Mailing List, Vendor Advisory

[httpd-announce] 20210609 CVE-2021-30641: Unexpected URL matching with 'MergeSlashes OFF'

Mailing List, Vendor Advisory

[oss-security] 20210609 CVE-2021-30641: Apache httpd: Unexpected URL matching with 'MergeSlashes OFF'

Mailing List, Third Party Advisory

https://security.netapp.com/advisory/ntap-20210702-0001/

[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update

DSA-4937

GLSA-202107-38

https://security.netapp.com/advisory/ntap-20210702-0001/

Third Party Advisory

[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update

Mailing List, Third Party Advisory

DSA-4937

Third Party Advisory

GLSA-202107-38

Third Party Advisory

FEDORA-2021-dce7e7738e

Third Party Advisory

FEDORA-2021-e3f6dd670d

https://www.oracle.com/security-alerts/cpuoct2021.html

FEDORA-2021-dce7e7738e

Mailing List, Third Party Advisory

FEDORA-2021-e3f6dd670d

Mailing List

https://www.oracle.com/security-alerts/cpuoct2021.html

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.