moderate: Possible NULL dereference or SSRF in forward proxy
configurations in Apache HTTP Server 2.4.51 and earlier (CVE-2021-44224)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference) or, for
configurations mixing forward and reverse proxy declarations, can allow
for requests to be directed to a declared Unix Domain Socket endpoint
(Server Side Request Forgery).
high: Possible buffer overflow when parsing multipart content in
mod_lua of Apache HTTP Server 2.4.51 and earlier (CVE-2021-44790)
A
carefully crafted request body can cause a buffer overflow in the
mod_lua multipart parser (r:parsebody() called from Lua scripts).