ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

Published: 2021-09-16

CVSS: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Download Exploit for CVE-2021-39275 here:

Use Tor Browser to access .onion links.

Check our team here:

https://tatramed.sk/exploit-663-cve-2010-3333/

https://tatramed.sk/exploit-557-cve-2015-3035/

https://tatramed.sk/exploit-513-cve-2025-55680/