Vulnerability in Apache HTTP Server

Security researchers have discovered a buffer overflow vulnerability (CVE-2021-44790) in Apache HTTP Server. Successful exploitation could allow an attacker to perform a remote code execution attack.

The vulnerability is exploited through a carefully crafted request body which could cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).

This vulnerability affects Apache HTTP Server versions 2.4.51 and earlier. Administrators of the affected versions are advised to upgrade to the latest Apache HTTP Server version 2.4.52 immediately.

More information is available here:
https://httpd.apache.org/security/vulnerabilities_24.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
https://nvd.nist.gov/vuln/detail/CVE-2021-44790
https://portswigger.net/daily-swig/internet-bug-bounty-high-severity-vulnerability-in-apache-http-server-could-lead-to-rce