CVE-2021-36160— mod_proxy_uwsgi out of bound read

EPSS 4.69% · P89 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-36160

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

mod_proxy_uwsgi out of bound read

Source: NVD (National Vulnerability Database)

Vulnerability Description

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨界内存读

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache HTTP Server 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache HTTP Server是美国阿帕奇（Apache）基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 存在缓冲区错误漏洞，攻击者可利用该漏洞通过一个精心设计的请求uri路径导致mod代理uwsgi读取上面分配的内存并崩溃(DoS)。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Apache Software Foundation	Apache HTTP Server	Apache HTTP Server 2.4 ~ 2.4.48	-

II. Public POCs for CVE-2021-36160

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-36160

请登录查看更多情报信息。

https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
http://httpd.apache.org/security/vulnerabilities_24.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20211008-0004/x_refsource_CONFIRM
https://www.debian.org/security/2021/dsa-4982vendor-advisoryx_refsource_DEBIAN
Apache HTTPD: Multiple Vulnerabilities (GLSA 202208-20) — Gentoo securityvendor-advisoryx_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/vendor-advisoryx_refsource_FEDORA
https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb%40%3Cbugs.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a%40%3Cbugs.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a%40%3Cbugs.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3%40%3Cbugs.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3Cbugs.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781%40%3Cbugs.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/09/msg00016.htmlmailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/10/msg00016.htmlmailing-listx_refsource_MLIST
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQvendor-advisoryx_refsource_CISCO
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3Emailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2021-36160

Same Patch Batch · Apache Software Foundation · 2021-09-16 · 6 CVEs total

CVE-2021-41079		Apache Tomcat DoS with unexpected TLS packet
CVE-2021-40438		mod_proxy SSRF
CVE-2021-39275		ap_escape_quotes buffer overflow
CVE-2021-39239		XML External Entity (XXE) vulnerability
CVE-2021-34798		NULL pointer dereference in httpd core

IV. Related Vulnerabilities

Same product: Apache HTTP Server

Same vendor: Apache Software Foundation

Same weakness: CWE-125

V. Comments for CVE-2021-36160

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-36160— mod_proxy_uwsgi out of bound read

I. Basic Information for CVE-2021-36160

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-36160

III. Intelligence Information for CVE-2021-36160

Same Patch Batch · Apache Software Foundation · 2021-09-16 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-36160

Leave a comment