In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the PROXY protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 2.4.33 (including) | 2.4.33 (including) |
| Http_server | Apache | 2.4.34 (including) | 2.4.34 (including) |
| Http_server | Apache | 2.4.35 (including) | 2.4.35 (including) |
| Http_server | Apache | 2.4.37 (including) | 2.4.37 (including) |
| Http_server | Apache | 2.4.38 (including) | 2.4.38 (including) |
| Apache2 | Ubuntu | disco | * |
| Apache2 | Ubuntu | trusty | * |
| Apache2 | Ubuntu | upstream | * |
| JBoss Core Services Apache HTTP Server 2.4.37 SP2 | RedHat | httpd | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-apr-0:1.6.3-86.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el6 | * |
| JBoss Core Services on RHEL 6 | RedHat | jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el6 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-apr-0:1.6.3-86.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-brotli-0:1.0.6-21.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-httpd-0:2.4.37-52.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_cluster-native-0:1.3.12-41.Final_redhat_2.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_http2-0:1.11.3-22.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-openssl-1:1.1.1c-16.jbcs.el7 | * |
| Red Hat Enterprise Linux 8 | RedHat | httpd:2.4-8030020200818000036.30b713e6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | httpd24-0:1.1-19.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | httpd24-httpd-0:2.4.34-15.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | httpd24-nghttp2-0:1.7.1-8.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-0:1.1-19.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-httpd-0:2.4.34-15.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-nghttp2-0:1.7.1-8.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | httpd24-0:1.1-19.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | httpd24-httpd-0:2.4.34-15.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | httpd24-nghttp2-0:1.7.1-8.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | httpd24-0:1.1-19.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | httpd24-httpd-0:2.4.34-15.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | httpd24-nghttp2-0:1.7.1-8.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | httpd24-0:1.1-19.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | httpd24-httpd-0:2.4.34-15.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | httpd24-nghttp2-0:1.7.1-8.el7 | * |