Our response to Apache HTTP Server vulnerability CVE-2021-26691
Overview
This document addresses concerns about ePO and the Apache HTTP Server vulnerability documented in CVE-2021-26691.
For details, see CVE-2021-26691.
Description CVE-2021-26691
In Apache HTTP Server versions 2.4.0–2.4.46, a specially crafted Session Header sent by an origin server could cause a heap overflow.
Research and Conclusions
The ePO Engineering team has reviewed this CVE and determined it to be not applicable to ePO:
- ePO doesn't handle any user session management in Apache.
- ePO doesn't load the vulnerable mod_session module, which is needed for this function.
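The two conditions above (an affected version and a loaded mod_session) can be checked against any Apache instance's version banner and configuration text. The following is an added example, not code from ePO or its vendor; the function names and the sample banner and configuration are constructed for illustration, and `session_module` / `mod_session.so` are the standard Apache identifier and file name for mod_session.

```python
import re

# Affected range stated on this page: Apache HTTP Server 2.4.0 through 2.4.46.
AFFECTED_MIN, AFFECTED_MAX = (2, 4, 0), (2, 4, 46)

def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` output or a Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Apache version found in: %r" % banner)
    return tuple(int(x) for x in m.groups())

def loaded_modules(conf_text):
    """Return {module_identifier: file} for active LoadModule directives.

    Commented-out lines are ignored. Statically compiled modules never appear
    in LoadModule lines; `httpd -M` lists those as "(static)".
    """
    mods = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        m = re.match(r"(?i)LoadModule\s+(\S+)\s+(\S+)", line)
        if m:
            mods[m.group(1).lower()] = m.group(2).strip('"')
    return mods

def assess(banner, conf_text):
    """Apply both conditions: affected version AND mod_session loaded."""
    version = parse_version(banner)
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    mods = loaded_modules(conf_text)
    # Match mod_session itself, not mod_session_cookie / _crypto / _dbd.
    has_session = "session_module" in mods or any(
        re.search(r"(^|[\\/])mod_session\.so$", f, re.I) for f in mods.values())
    return {"version": version, "in_affected_range": in_range,
            "mod_session_loaded": has_session,
            "applicable": in_range and has_session}

# Constructed sample inputs (not taken from an ePO installation).
SAMPLE_BANNER = "Server version: Apache/2.4.46 (Win64)"
SAMPLE_CONF = """\
LoadModule ssl_module modules/mod_ssl.so
#LoadModule session_module modules/mod_session.so
LoadModule rewrite_module modules/mod_rewrite.so
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```

A version inside the range with `mod_session_loaded` false matches the situation this document describes; configuration pulled in through `Include` directives has to be passed to `assess` as well for the result to be complete.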