CVE-2021-33193

High

7.5/10

Summary

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

References

Advisory Timeline

Published Aug 16, 2021

CVE-2021-33193

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS