CVE-2021-47575
CVE-2022-35890: Apache HTTP Server Cross-Site Request Forgery
Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
INFO
Published Date :
June 19, 2024, 3:15 p.m.
Last Modified :
June 20, 2024, 9:15 a.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
Exploitability Score :
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2021-47575 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2021-47575 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 20, 2024
Action Type Old Value New Value -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 20, 2024
Action Type Old Value New Value Changed Description In the Linux kernel, the following vulnerability has been resolved: xen/console: harden hvc_xen against event channel storms The Xen console driver is still vulnerable for an attack via excessive number of events sent by the backend. Fix that by using a lateeoi event channel. For the normal domU initial console this requires the introduction of bind_evtchn_to_irq_lateeoi() as there is no xenbus device available at the time the event channel is bound to the irq. As the decision whether an interrupt was spurious or not requires to test for bytes having been read from the backend, move sending the event into the if statement, as sending an event without having found any bytes to be read is making no sense at all. This is part of XSA-391 --- V2: - slightly adapt spurious irq detection (Jan Beulich) V3: - fix spurious irq detection (Jan Beulich) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Removed Reference kernel.org https://git.kernel.org/stable/c/c7eaa5082bccfc00dfdb500ac6cc86d6f24ca027 Removed Reference kernel.org https://git.kernel.org/stable/c/728389c21176b2095fa58e858d5ef1d2f2aac429 Removed Reference kernel.org https://git.kernel.org/stable/c/68b78f976ca47d52c03c41eded207a312e46b934 Removed Reference kernel.org https://git.kernel.org/stable/c/57e46acb3b48ea4e8efb1e1bea2e89e0c6cc43e2 Removed Reference kernel.org https://git.kernel.org/stable/c/560e64413b4a6d9bd6630e350d5f2e6a05f6ffe3 Removed Reference kernel.org https://git.kernel.org/stable/c/8fa3a370cc2af858a9ba662ca4f2bd0917550563 Removed Reference kernel.org https://git.kernel.org/stable/c/153d1ea3272209fc970116f09051002d14422cde Removed Reference kernel.org https://git.kernel.org/stable/c/fe415186b43df0db1f17fa3a46275fd92107fe71 -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 19, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: xen/console: harden hvc_xen against event channel storms The Xen console driver is still vulnerable for an attack via excessive number of events sent by the backend. Fix that by using a lateeoi event channel. For the normal domU initial console this requires the introduction of bind_evtchn_to_irq_lateeoi() as there is no xenbus device available at the time the event channel is bound to the irq. As the decision whether an interrupt was spurious or not requires to test for bytes having been read from the backend, move sending the event into the if statement, as sending an event without having found any bytes to be read is making no sense at all. This is part of XSA-391 --- V2: - slightly adapt spurious irq detection (Jan Beulich) V3: - fix spurious irq detection (Jan Beulich) Added Reference kernel.org https://git.kernel.org/stable/c/c7eaa5082bccfc00dfdb500ac6cc86d6f24ca027 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/728389c21176b2095fa58e858d5ef1d2f2aac429 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/68b78f976ca47d52c03c41eded207a312e46b934 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/57e46acb3b48ea4e8efb1e1bea2e89e0c6cc43e2 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/560e64413b4a6d9bd6630e350d5f2e6a05f6ffe3 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/8fa3a370cc2af858a9ba662ca4f2bd0917550563 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/153d1ea3272209fc970116f09051002d14422cde [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/fe415186b43df0db1f17fa3a46275fd92107fe71 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2021-47575 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2021-47575
weaknesses.