Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1dng-z415-n3cp
Vulnerability ID VCID-1dng-z415-n3cp
Aliases CVE-2021-44790
Summary A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Status Published
Exploitability 2.0
Weighted Severity 8.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json
epss 0.86227 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
epss 0.86227 https://api.first.org/data/v1/epss?cve=CVE-2021-44790
cvssv3.1 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
apache_httpd important https://httpd.apache.org/security/json/CVE-2021-44790.json
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json
https://api.first.org/data/v1/epss?cve=CVE-2021-44790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2034674 https://bugzilla.redhat.com/show_bug.cgi?id=2034674
CVE-2021-44790 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51193.py
CVE-2021-44790 https://httpd.apache.org/security/json/CVE-2021-44790.json
GLSA-202208-20 https://security.gentoo.org/glsa/202208-20
RHSA-2022:0143 https://access.redhat.com/errata/RHSA-2022:0143
RHSA-2022:0258 https://access.redhat.com/errata/RHSA-2022:0258
RHSA-2022:0288 https://access.redhat.com/errata/RHSA-2022:0288
RHSA-2022:0303 https://access.redhat.com/errata/RHSA-2022:0303
RHSA-2022:1136 https://access.redhat.com/errata/RHSA-2022:1136
RHSA-2022:1137 https://access.redhat.com/errata/RHSA-2022:1137
RHSA-2022:1138 https://access.redhat.com/errata/RHSA-2022:1138
RHSA-2022:1139 https://access.redhat.com/errata/RHSA-2022:1139
USN-5212-1 https://usn.ubuntu.com/5212-1/
USN-5212-2 https://usn.ubuntu.com/5212-2/
Data source Exploit-DB
Date added April 1, 2023
Description Apache 2.4.x - Buffer Overflow
Ransomware campaign use Known
Source publication date April 1, 2023
Exploit type webapps
Platform multiple
Source update date June 7, 2023
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99416
EPSS Score 0.86227
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:53:50.910036+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2021-44790.json 38.6.0