Vulnerability Name: | CVE-2021-41773 (CCN-210662) |
Assigned: | 2021-09-26 |
Published: | 2021-09-26 |
Updated: | 2022-10-28 |
Summary: | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. |
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): High; Integrity (I): None; Availability (A): None |
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): High; Integrity (I): None; Availability (A): None |
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Complete; Integrity (I): None; Availability (A): None |
Vulnerability Type: | CWE-22 |
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2021-41773
Source: CCN Type: Apache Web site Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)
Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html
Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html
Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20211005 CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20211007 RE: CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20211007 CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Exploit, Mailing List, Third Party Advisory [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Exploit, Mailing List, Third Party Advisory [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20211009 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Mailing List, Patch, Third Party Advisory [oss-security] 20211011 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Mailing List, Patch, Third Party Advisory [oss-security] 20211015 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20211016 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: XF Type: UNKNOWN apache-cve202141773-dir-trav(210662)
Source: MISC Type: Vendor Advisory https://httpd.apache.org/security/vulnerabilities_24.html
Source: MLIST Type: Mailing List, Patch, Vendor Advisory [httpd-cvs] 20211008 [httpd-site] branch main updated: * Align with CVE-2021-42013 based on the latest findings
Source: MLIST Type: Mailing List, Vendor Advisory [httpd-users] 20211005 [users@httpd] CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Source: MLIST Type: Mailing List, Vendor Advisory [announce] 20211007 CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST Type: Mailing List, Vendor Advisory [announce] 20211005 CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Source: MLIST Type: Mailing List, Vendor Advisory [httpd-users] 20211007 [users@httpd] CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-2a10bc68a4
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2021-aaf90ef84a
Source: CCN Type: Packet Storm Security [10-06-2021] Apache HTTP Server 2.4.49 Path Traversal
Source: CCN Type: Packet Storm Security [10-25-2021] Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution
Source: CCN Type: Packet Storm Security [11-11-2021] Apache HTTP Server 2.4.50 Remote Code Execution
Source: GENTOO Type: Third Party Advisory GLSA-202208-20
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20211029-0009/
Source: CISCO Type: Third Party Advisory 20211007 Apache HTTP Server Vulnerabilties: October 2021
Source: CCN Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY KNOWN EXPLOITED VULNERABILITIES CATALOG
Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [10-06-2021]
Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [10-25-2021]
Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [11-11-2021]
Source: CCN Type: oss-sec Mailing List, Tue, 05 Oct 2021 09:03:14 +0000 CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Source: MISC Type: Patch, Third Party Advisory https://www.oracle.com/security-alerts/cpujan2022.html |
Vulnerable Configuration: | Configuration 1: cpe:/a:apache:http_server:2.4.49:*:*:*:*:*:*:*
Configuration 2: cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:* OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Configuration 3: cpe:/a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:* OR cpe:/a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:* OR cpe:/a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
Configuration 4: cpe:/a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Configuration CCN 1: cpe:/a:apache:http_server:2.4.49:*:*:*:*:*:*:* |