Showing 1 - 4 of 4

CVE-2021-41773

Status Candidate

Overview

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

Related Files

Gentoo Linux Security Advisory 202208-20: Posted Aug 15, 2022; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202208-20 - Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Versions less than 2.4.54 are affected.; tags | advisory, remote, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438, CVE-2021-41524, CVE-2021-41773, CVE-2021-42013, CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943; SHA-256 | 09faf82799a2bf38cabe52ae6e5241cdb6c0783b19a0355526c5faf16d5eadc3; Download | Favorite | View

Apache HTTP Server 2.4.50 Remote Code Execution: Posted Nov 11, 2021; Authored by Valentin Lobstein, Lucas Schnell; This is another variant of the Apache HTTP server version 2.4.50 remote code execution exploit.; tags | exploit, remote, web, code execution; advisories | CVE-2021-41773, CVE-2021-42013; SHA-256 | 1aab010960ead5e3662859fd06680b20932ece6ecf7a7c80a05437497896bb8f; Download | Favorite | View

Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution: Posted Oct 25, 2021; Authored by Dhiraj Mishra, Ramella Sebastien, Ash Daulton | Site metasploit.com; This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).; tags | exploit, remote, arbitrary, cgi, root, code execution; advisories | CVE-2021-41773, CVE-2021-42013; SHA-256 | a75779abdd3a9f2a319a34c0efbba4f95b420f39624081c3a13752641b7c8d6d; Download | Favorite | View

Apache HTTP Server 2.4.49 Path Traversal / Remote Code Execution: Posted Oct 6, 2021; Authored by Lucas Souza; Apache HTTP Server version 2.4.49 suffers from a path traversal vulnerability.; tags | exploit, web, file inclusion; advisories | CVE-2021-41773; SHA-256 | 4eccc2583086d9890750a8b83bcb7c04d9c447598c4297ae1b910acd7f05acb5; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2021-41773

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems