ePolicy Orchestrator Sustaining Statement (SSC2111221) - Apache HTTP Server Foundation Security Advisory for CVE-2021-26691

Technical Articles ID: KB95046
Last Modified: 11/30/2021

Environment

ePolicy Orchestrator (ePO) 5.10.x

Summary

McAfee Enterprise response to Apache HTTP Server vulnerability CVE-2021-26691.

Overview
This document addresses concerns about ePolicy Orchestrator and the Apache HTTP Server vulnerability documented in CVE-2021-26691.
For details, see CVE-2021-26691.

Description CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Session Header sent by an origin server could cause a heap overflow.

Research and Conclusions
The ePO engineering team has reviewed this CVE and determined it to be not applicable to ePO:

ePO doesn’t handle any user session management in Apache.
ePO doesn’t load the vulnerable mod_session module which is needed for this function.

Affected Products

ePolicy Orchestrator 5.10.x
Vulnerability Response

Languages:

This article is available in the following languages:

English United States
Chinese Simplified

Knowledge Center

ePolicy Orchestrator Sustaining Statement (SSC2111221) - Apache HTTP Server Foundation Security Advisory for CVE-2021-26691

Environment

Summary

Affected Products

Languages:

Title

Title

Knowledge Center

ePolicy Orchestrator Sustaining Statement (SSC2111221) - Apache HTTP Server Foundation Security Advisory for CVE-2021-26691

Environment

Summary

Affected Products

Languages:

Choose your region

Title

Title