Article - CS353982
Update to Apache 2.4.51 in Windchill PDMLink
Modified: 28-Apr-2022
Applies To
- Windchill PDMLink 11.1 M010 to M010-CPS08
- Windchill PDMLink 11.1 M020 to M020-CPS21
- Windchill PDMLink 12.0.2.0 to 12.0.2.1
Description
- Update to Apache 2.4.51 in Windchill PDMLink
- According to https://httpd.apache.org/security/vulnerabilities_24.html
- Apache 2.4.49 fixes the following vulnerabilities
- moderate: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
- moderate: NULL pointer dereference in httpd core (CVE-2021-34798)
- moderate: mod_proxy_uwsgi out of bound read (CVE-2021-36160)
- low: ap_escape_quotes buffer overflow (CVE-2021-39275)
- high: mod_proxy SSRF (CVE-2021-40438)
- Apache 2.4.50 fixes the following vulnerabilities
- critical: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)
- moderate: null pointer dereference in h2 fuzzing (CVE-2021-41524)
- Apache 2.4.51 fixes the following vulnerabilities
- critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)
- Apache 2.4.49 fixes the following vulnerabilities
This is a printer-friendly version of Article 353982 and may be out of date. For the latest version click CS353982