CVE-2021-33580— regex injection leading to DoS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-33580
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
regex injection leading to DoS
Source: NVD (National Vulnerability Database)
Vulnerability Description
User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Roller 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Roller是美国阿帕奇(Apache)基金会的一套基于Java的多用户开源博客系统。 Apache Roller中存在安全漏洞。目前暂无该漏洞信息,请随时关注CNNVD或厂商公告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Roller | Apache Roller ~ 6.0.2 | - |
II. Public POCs for CVE-2021-33580
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-33580
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: Apache Roller
- CVE-2025-24859
Apache Roller: Insufficient Session Expiration on Password C - CVE-2024-46911
Apache Roller: Weakness in CSRF protection allows privilege - CVE-2024-25090
Apache Roller: Insufficient input validation for some user p - CVE-2023-37581
Apache Roller: Roller's weblog category, weblog settings and - CVE-2019-0234
Apache Roller 跨站脚本漏洞
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-400
- CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service
V. Comments for CVE-2021-33580
No comments yet