| Vulnerability Name: | CVE-2021-42013 (CCN-210764) |
| Assigned: | 2021-10-05 |
| Published: | 2021-10-05 |
| Updated: | 2022-10-05 |
| Summary: | It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
|
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.2 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:R)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.6 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:R)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-22
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2021-42013
Source: CCN
Type: JVN#51106450
Apache HTTP Server vulnerable to directory traversal
Source: JVN
Type: Third Party Advisory
JVN#51106450
Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html
Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
Source: MISC
Type: Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html
Source: MISC
Type: Exploit, Third Party Advisory
http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html
Source: CCN
Type: Apache Web site
HTTP Server
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211007 CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211009 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211011 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211015 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20211016 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: XF
Type: UNKNOWN
apache-cve202142013-code-exec(210764)
Source: MISC
Type: Vendor Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Source: MLIST
Type: Mailing List, Vendor Advisory
[httpd-cvs] 20211008 [httpd-site] branch main updated: * Align with CVE-2021-42013 based on the latest findings
Source: MLIST
Type: Mailing List
[announce] 20211007 CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: MLIST
Type: Mailing List
[httpd-users] 20211007 [users@httpd] CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-2a10bc68a4
Source: FEDORA
Type: Mailing List
FEDORA-2021-aaf90ef84a
Source: CCN
Type: Packet Storm Security [10-13-2021]
Apache HTTP Server 2.4.50 Path Traversal / Code Execution
Source: CCN
Type: Packet Storm Security [10-24-2021]
Apache HTTP Server 2.4.50 Remote Code Execution
Source: CCN
Type: Packet Storm Security [10-25-2021]
Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution
Source: CCN
Type: Packet Storm Security [11-11-2021]
Apache HTTP Server 2.4.50 Remote Code Execution
Source: CCN
Type: Packet Storm Security [11-29-2021]
Apache HTTP Server 2.4.50 CVE-2021-42013 Exploitation
Source: CCN
Type: Packet Storm Security [06-06-2022]
Apache 2.4.50 Remote Code Execution
Source: GENTOO
Type: Third Party Advisory
GLSA-202208-20
Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20211029-0009/
Source: CISCO
Type: Third Party Advisory
20211007 Apache HTTP Server Vulnerabilties: October 2021
Source: CCN
Type: Twitter Web site
CVE-2021-41773
Source: CCN
Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
KNOWN EXPLOITED VULNERABILITIES CATALOG
Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-13-2021]
Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-25-2021]
Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [11-11-2021]
Source: CCN
Type: IBM Security Bulletin 6541330 (Rational Build Forge)
IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-42013)
Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022
Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Source: MISC
Type: Exploit, Third Party Advisory
https://www.povilaika.com/apache-2-4-50-exploit/
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:apache:http_server:2.4.49:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.4.50:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Configuration 3:
cpe:/a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*OR cpe:/a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*OR cpe:/a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*OR cpe:/a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* (Version < 9.2.6.0)OR cpe:/a:oracle:secure_backup:*:*:*:*:*:*:*:* (Version < 18.1.0.1.0)
Configuration 4:
cpe:/a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:apache:http_server:2.4.49:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.4.50:*:*:*:*:*:*:*AND cpe:/a:ibm:rational_build_forge:8.0:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |