CVE-2021-33193

Summary

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP ServerApache HTTP Server 2.4 2.4.17 to 2.4.48affected

Weaknesses

  • Request Splitting

ADP Enrichment

CVE Program Container

Additional References

References