CVE-2021-26690

Name: Websites susceptible to CVE-2021-26690
Creator: WebTechSurvey

CVE-2021-26690

mod_session NULL pointer dereference

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

We have discovered 953,489 live websites that are affected by CVE-2021-26690.

Run a Free Instant Scan

Affected Software


Product	Apache
Category	Web Servers
Vulnerable Domains	953,489 live websites (34% of Apache install base)
Vulnerable Versions	from 2.4 through 2.4 from 2.4.1 through 2.4.1 from 2.4.2 through 2.4.2 from 2.4.3 through 2.4.3 from 2.4.4 through 2.4.4 from 2.4.6 through 2.4.6 from 2.4.7 through 2.4.7 from 2.4.9 through 2.4.9 from 2.4.10 through 2.4.10 from 2.4.12 through 2.4.12 from 2.4.16 through 2.4.16 from 2.4.17 through 2.4.17 from 2.4.18 through 2.4.18 from 2.4.20 through 2.4.20 from 2.4.23 through 2.4.23 from 2.4.25 through 2.4.25 from 2.4.26 through 2.4.26 from 2.4.27 through 2.4.27 from 2.4.28 through 2.4.28 from 2.4.29 through 2.4.29 from 2.4.33 through 2.4.33 from 2.4.34 through 2.4.34 from 2.4.35 through 2.4.35 from 2.4.37 through 2.4.37 from 2.4.38 through 2.4.38 from 2.4.39 through 2.4.39 from 2.4.41 through 2.4.41 from 2.4.43 through 2.4.43 from 2.4.46 through 2.4.46
Vulnerable Versions Count	29 versions ( 24% of all versions)

Available Reports

Website List

Details

Published - Jun 10, 2021
Updated - Aug 3, 2024

Credits

This issue was discovered and reported by GHSL team member @antonio-morales (Antonio Morales)

CVE References

Website Distribution by Country

Number of websites using CVE-2021-26690

United States	290,937 websites

Germany	90,095 websites
France	58,462 websites
Japan	42,300 websites
Russia	38,156 websites
Italy	34,787 websites
Netherlands	33,743 websites
Singapore	28,631 websites
Czech Republic	27,467 websites
Canada	25,675 websites

Website Distribution by TLD

Number of websites using CVE-2021-26690

.com	363,146 websites
.de	55,182 websites
.org	43,148 websites
.net	37,298 websites
.ru	33,189 websites
.it	31,449 websites
.nl	24,811 websites
.cz	22,755 websites
.pl	20,711 websites
.fr	18,837 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2021-26690

Top websites that are affected by CVE-2021-26690. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*******.com	Singapore	***
***********..*..**********.net	United States	***
*********.net	United States	***
*.**.us	United States	,**
*.*******.com	Singapore	,**
***.*****.com	Singapore	,**
******************.com	United States	,**
**.*******.net	GB	,**
*******.org	United States	,**
****.com	United States	,**

See full domain list

FAQ

A total of 953,489 websites have been identified as vulnerable to CVE-2021-26690, based on global website indexing conducted by WebTechSurvey.

The Apache is affected by the CVE-2021-26690 vulnerability.

Apache versions up to and including 2.4.46 are vulnerable to CVE-2021-26690.

CVE-2021-26690

Affected Software

Available Reports

Details

Credits

CVE References

Website Distribution by Country

Website Distribution by TLD

Vulnerable Versions

Websites affected by CVE-2021-26690

How many websites are affected by the CVE-2021-26690 vulnerability?

Which technology is affected by CVE-2021-26690?

Which versions of Apache are vulnerable to CVE-2021-26690?

References