CVE-2021-26690: 
Apache HTTP Server vulnerability analysis and mitigation

CVE-2021-26690 affects Apache HTTP Server versions 2.4.0 to 2.4.46. A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. The vulnerability was discovered and reported by GHSL team member Antonio Morales ([Apache Vulnerabilities](http://httpd.apache.org/security/vulnerabilities24.html), OSS Security).

The vulnerability is a NULL pointer dereference in the mod_session module when parsing Cookie headers. It has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it is network accessible, requires low attack complexity, and primarily impacts system availability (NVD Database).

The primary impact of this vulnerability is on system availability through a potential Denial of Service condition. When successfully exploited, the NULL pointer dereference can cause the Apache HTTP Server process to crash (Apache Vulnerabilities).

The vulnerability was fixed in Apache HTTP Server version 2.4.48. Users are recommended to upgrade to this or a later version. No workarounds were provided in the official advisories (Apache Vulnerabilities).

Multiple Linux distributions and software vendors issued security advisories and patches for this vulnerability, including Red Hat, Debian, Fedora, Gentoo, and NetApp, indicating widespread industry response to address the security issue (Debian Security, Red Hat Advisory, NetApp Advisory).