var-202110-1691
Vulnerability from variot
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. The server is fast, reliable and extensible through a simple API. This vulnerability is caused by the fact that the ap_normalize_path function is not strictly verified after the introduction of the function. Attackers can use this vulnerability to obtain sensitive information or control the target server. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20
Synopsis
Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-admin/apache-tools < 2.4.54 >= 2.4.54 2 www-servers/apache < 2.4.54 >= 2.4.54
Description
Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
All Apache HTTPD tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
References
[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202110-1691", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "http server", scope: "eq", trust: 1.6, vendor: "apache", version: "2.4.49", }, { model: "instantis enterprisetrack", scope: "eq", trust: 1, vendor: "oracle", version: "17.3", }, { model: "instantis enterprisetrack", scope: "eq", trust: 1, vendor: "oracle", version: "17.2", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "34", }, { model: "cloud backup", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "instantis enterprisetrack", scope: "eq", trust: 1, vendor: "oracle", version: "17.1", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "35", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-03222", }, { db: "NVD", id: "CVE-2021-41773", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Valentin Lobstein", sources: [ { db: "CNNVD", id: "CNNVD-202109-1907", }, ], trust: 0.6, }, cve: "CVE-2021-41773", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2021-41773", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2022-03222", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2021-41773", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-41773", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2022-03222", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202109-1907", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2021-41773", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-03222", }, { db: "VULMON", id: "CVE-2021-41773", }, { db: "CNNVD", id: "CNNVD-202109-1907", }, { db: "NVD", id: "CVE-2021-41773", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. The server is fast, reliable and extensible through a simple API. This vulnerability is caused by the fact that the ap_normalize_path function is not strictly verified after the introduction of the function. Attackers can use this vulnerability to obtain sensitive information or control the target server. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-admin/apache-tools < 2.4.54 >= 2.4.54\n 2 www-servers/apache < 2.4.54 >= 2.4.54\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Apache HTTPD. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n", sources: [ { db: "NVD", id: "CVE-2021-41773", }, { db: "CNVD", id: "CNVD-2022-03222", }, { db: "VULMON", id: "CVE-2021-41773", }, { db: "PACKETSTORM", id: "168072", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-41773", trust: 2.4, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/15/3", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/07/6", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/09/1", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/08/4", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/08/3", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/16/1", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/11/4", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/08/2", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/08/6", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/07/1", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/05/2", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/08/5", trust: 1.7, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/10/08/1", trust: 1.7, }, { db: "PACKETSTORM", id: "164941", trust: 1.7, }, { db: "PACKETSTORM", id: "164629", trust: 1.7, }, { db: "PACKETSTORM", id: "164418", trust: 1.7, }, { db: "PACKETSTORM", id: "168072", trust: 0.7, }, { db: "CNVD", id: "CNVD-2022-03222", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3348", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3287", trust: 0.6, }, { db: "EXPLOIT-DB", id: "50383", trust: 0.6, }, { db: "CS-HELP", id: "SB2021101513", trust: 0.6, }, { db: "CS-HELP", id: "SB2021100601", trust: 0.6, }, { db: "CS-HELP", id: "SB2021100802", trust: 0.6, }, { db: "CXSECURITY", id: "WLB-2021110108", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202109-1907", trust: 0.6, }, { db: "VULMON", id: "CVE-2021-41773", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-03222", }, { db: "VULMON", id: "CVE-2021-41773", }, { db: "PACKETSTORM", id: "168072", }, { db: "CNNVD", id: "CNNVD-202109-1907", }, { db: "NVD", id: "CVE-2021-41773", }, ], }, id: "VAR-202110-1691", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-03222", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-03222", }, ], }, last_update_date: "2024-11-23T20:08:18.678000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for Apache HTTP Server Path Traversal Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/313146", }, { title: "Apache HTTP Server Repair measures for path traversal vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165581", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/ranggaggngntt/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/LudovicPatho/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/LayarKacaSiber/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/MazX0p/CVE-2021-41773 ", }, { title: "lab-cve-2021-41773", trust: 0.1, url: "https://github.com/htrgouvea/lab-cve-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/dileepdkumar/LayarKacaSiber-CVE-2021-41773 ", }, { title: "MASS_CVE-2021-41773", trust: 0.1, url: "https://github.com/i6c/MASS_CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/mightysai1997/CVE-2021-41773h ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/masahiro331/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/mightysai1997/CVE-2021-41773S ", }, { title: "cve-2021-41773", trust: 0.1, url: "https://github.com/walnutsecurity/cve-2021-41773 ", }, { title: "cve-2021-41773-nse", trust: 0.1, url: "https://github.com/TishcaTpx/cve-2021-41773-nse ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/BlueTeamSteve/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/noflowpls/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/1nhann/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/creadpag/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/MatanelGordon/docker-cve-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/ComdeyOverFlow/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/12345qwert123456/CVE-2021-41773 ", }, { title: "CVE-2021-41773-POC", trust: 0.1, url: "https://github.com/creadpag/CVE-2021-41773-POC ", }, { title: "mass_cve-2021-41773", trust: 0.1, url: "https://github.com/justakazh/mass_cve-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/mightysai1997/CVE-2021-41773-PoC ", }, { title: "cve-2021-41773-nse", trust: 0.1, url: "https://github.com/creadpag/cve-2021-41773-nse ", }, { title: "apache_normalize_path", trust: 0.1, url: "https://github.com/Zeop-CyberSec/apache_normalize_path ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/b1tsec/CVE-2021-41773 ", }, { title: "CVE-2021-41773-PoC", trust: 0.1, url: "https://github.com/habibiefaried/CVE-2021-41773-PoC ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/oxctdev/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/blasty/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/0xRar/CVE-2021-41773 ", }, { title: "Poc-CVE-2021-41773", trust: 0.1, url: "https://github.com/LetouRaphael/Poc-CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/spiderz0ne/CVE-2021-41773 ", }, { title: "CVE-2021-41773-PoC", trust: 0.1, url: "https://github.com/lorddemon/CVE-2021-41773-PoC ", }, { title: "POC-CVE-2021-41773", trust: 0.1, url: "https://github.com/kubota/POC-CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/WynSon/CVE-2021-41773 ", }, { title: "unix-v7-uucp-chkpth-bug", trust: 0.1, url: "https://github.com/mahtin/unix-v7-uucp-chkpth-bug ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/AssassinUKG/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/Adamanti1/CVE-2021-41773_Vulnerable-service ", }, { title: "", trust: 0.1, url: "https://github.com/iosifache/ApacheRCEEssay ", }, { title: "PATCH-CVE-2021-41773", trust: 0.1, url: "https://github.com/fastAsF/PATCH-CVE-2021-41773 ", }, { title: "cve-2021-41773", trust: 0.1, url: "https://github.com/mohwahyudi/cve-2021-41773 ", }, { title: "Simple-CVE-2021-41773-checker", trust: 0.1, url: "https://github.com/jheeree/Simple-CVE-2021-41773-checker ", }, { title: "", trust: 0.1, url: "https://github.com/retrymp3/apache2.4.49VulnerableLabSetup ", }, { title: "", trust: 0.1, url: "https://github.com/TheKernelPanic/exploit-apache2-cve-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/maennis/cybersecurity-reports ", }, { title: "", trust: 0.1, url: "https://github.com/luismede/apache2.4.49-exploit ", }, { title: "", trust: 0.1, url: "https://github.com/sergiovks/LFI-RCE-Unauthenticated-Apache-2.4.49-2.4.50 ", }, { title: "", trust: 0.1, url: "https://github.com/Fireeeeeeee/Web-API-Security-Detection-System ", }, { title: "ctf-zup-2021-2", trust: 0.1, url: "https://github.com/leoplana/ctf-zup-2021-2 ", }, { title: "", trust: 0.1, url: "https://github.com/libraloge/trysomething ", }, { title: "ProofofExploit", trust: 0.1, url: "https://github.com/5h1nN/ProofofExploit ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/r00tVen0m/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/xMohamed0/CVE-2021-41773 ", }, { title: "CVE-2021-41773-exercise", trust: 0.1, url: "https://github.com/m96dg/CVE-2021-41773-exercise ", }, { title: "", trust: 0.1, url: "https://github.com/not-matthias/sigflag-ctf ", }, { title: "CVE-2021-41773_Exploit", trust: 0.1, url: "https://github.com/Ming119/CVE-2021-41773_Exploit ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/Sakura-nee/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/thehackersbrain/CVE-2021-41773 ", }, { title: "One-Liner-Scripts", trust: 0.1, url: "https://github.com/litt1eb0yy/One-Liner-Scripts ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/ajdumanhug/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/K3ysTr0K3R/CVE-2021-41773-EXPLOIT ", }, { title: "apache2.4.49-exploit", trust: 0.1, url: "https://github.com/lu1sjddk/apache2.4.49-exploit ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/PentesterGuruji/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/Iris288/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/wolf1892/CVE-2021-41773 ", }, { title: "Reserch-CVE-2021-41773", trust: 0.1, url: "https://github.com/DoTuan1/Reserch-CVE-2021-41773 ", }, { title: "CVE-2021-41773-RCE", trust: 0.1, url: "https://github.com/fnatalucci/CVE-2021-41773-RCE ", }, { title: "", trust: 0.1, url: "https://github.com/mightysai1997/CVE-2021-41773-L- ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/KAB8345/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/12345qwert123456/CVE-2021-41773_Vulnerable-service ", }, { title: "", trust: 0.1, url: "https://github.com/hab1b0x/CVE-2021-41773 ", }, { title: "POC-CVE-2021-41773", trust: 0.1, url: "https://github.com/TishcaTpx/POC-CVE-2021-41773 ", }, { title: "CVE-2021-41773-PoC", trust: 0.1, url: "https://github.com/anonsecteaminc/CVE-2021-41773-PoC ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/scarmandef/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/EagleTube/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/elihsane/CyberSecurityTaak-El-Jari ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/RyouYoo/CVE-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/itsecurityco/CVE-2021-41773 ", }, { title: "Scanner-CVE-2021-41773", trust: 0.1, url: "https://github.com/vida00/Scanner-CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/mightysai1997/CVE-2021-41773m ", }, { title: "", trust: 0.1, url: "https://github.com/vuongnv3389-sec/cve-2021-41773 ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/TheLastVvV/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/Adamanti1/CVE-2021-41773-Vulnerable-service ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/Fa1c0n35/CVE-2021-41773 ", }, { title: "Ethical-Hacking-Tools", trust: 0.1, url: "https://github.com/technovalley-aks/Ethical-Hacking-Tools ", }, { title: "akhan4u", trust: 0.1, url: "https://github.com/akhan4u/akhan4u ", }, { title: "Vulhub_Exp", trust: 0.1, url: "https://github.com/N0el4kLs/Vulhub_Exp ", }, { title: "", trust: 0.1, url: "https://github.com/anldori/CVE-2021-41773-Scanner ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/puckiestyle/CVE-2021-41773 ", }, { title: "CVE-Exploits", trust: 0.1, url: "https://github.com/AkshayraviC09YC47/CVE-Exploits ", }, { title: "vulnerable_docker_apache_2_4_49", trust: 0.1, url: "https://github.com/m96dg/vulnerable_docker_apache_2_4_49 ", }, { title: "GoHackTools", trust: 0.1, url: "https://github.com/0e0w/GoHackTools ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/mauricelambert/CVE-2021-41773 ", }, { title: "CVE-2021-41773-exploiter", trust: 0.1, url: "https://github.com/norrig/CVE-2021-41773-exploiter ", }, { title: "CVE-2021-41773-exploit", trust: 0.1, url: "https://github.com/vinhjaxt/CVE-2021-41773-exploit ", }, { title: "", trust: 0.1, url: "https://github.com/luisjddk/apache2.4.49-exploit ", }, { title: "CVE-2021-41773", trust: 0.1, url: "https://github.com/the29a/CVE-2021-41773 ", }, { title: "", trust: 0.1, url: "https://github.com/mightysai1997/CVE-2021-41773.git1 ", }, { title: "", trust: 0.1, url: "https://github.com/francescoblefari/progetto_tesi_magistrale ", }, { title: "", trust: 0.1, url: "https://github.com/cyberanand1337x/apache-latest-exploit ", }, { title: "", trust: 0.1, url: "https://github.com/Plunder283/CVE-2021-41773 ", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2021/10/11/in_brief_security/", }, { title: "BleepingComputer", trust: 0.1, url: "https://www.bleepingcomputer.com/news/security/apache-emergency-update-fixes-incomplete-patch-for-exploited-bug/", }, { title: "The Register", trust: 0.1, url: "https://www.theregister.co.uk/2021/10/06/apache_web_server_data_patch/", }, { title: "BleepingComputer", trust: 0.1, url: "https://www.bleepingcomputer.com/news/security/actively-exploited-apache-0-day-also-allows-remote-code-execution/", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/apache-web-server-zero-day-sensitive-data/175340/", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-03222", }, { db: "VULMON", id: "CVE-2021-41773", }, { db: "CNNVD", id: "CNNVD-202109-1907", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-22", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2021-41773", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "http://packetstormsecurity.com/files/164418/apache-http-server-2.4.49-path-traversal-remote-code-execution.html", }, { trust: 2.3, url: "http://packetstormsecurity.com/files/164629/apache-2.4.49-2.4.50-traversal-remote-code-execution.html", }, { trust: 2.3, url: "http://packetstormsecurity.com/files/164941/apache-http-server-2.4.50-remote-code-execution.html", }, { trust: 1.8, url: "https://security.gentoo.org/glsa/202208-20", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/05/2", }, { trust: 1.7, url: "http://packetstormsecurity.com/files/164418/apache-http-server-2.4.49-path-traversal.html", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/07/1", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/07/6", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/08/1", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/08/2", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/08/4", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/08/3", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/08/6", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/08/5", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/09/1", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/11/4", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/15/3", }, { trust: 1.7, url: "http://www.openwall.com/lists/oss-security/2021/10/16/1", }, { trust: 1.7, url: "https://security.netapp.com/advisory/ntap-20211029-0009/", }, { trust: 1.7, url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { trust: 1.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-41773", }, { trust: 1.2, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-", }, { trust: 1.1, url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { trust: 1.1, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-pathtrv-lazg68cz", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3cusers.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3cannounce.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3cannounce.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3cusers.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rmiiefinl6fuiopd2a3m5xc6dh45y3cc/", }, { trust: 1.1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ws5rvhoiirecg65zbtzy7iejvwqsqpg3/", }, { trust: 0.6, url: "httpd.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f@%3cusers.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3cannounce.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45@%3cannounce.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3cusers.", }, { trust: 0.6, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rmiiefinl6fuiopd2a3m5xc6dh45y3cc/", }, { trust: 0.6, url: "httpd.apache.org/security/vulnerabilities_24.html", }, { trust: 0.6, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ws5rvhoiirecg65zbtzy7iejvwqsqpg3/", }, { trust: 0.6, url: "https://access.redhat.com/security/cve/cve-2021-41773", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3348", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021101513", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3287", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021100601", }, { trust: 0.6, url: "https://www.exploit-db.com/exploits/50383", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021100802", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/apache-http-server-2-4-49-directory-traversal-via-path-normalization-36592", }, { trust: 0.6, url: "https://cxsecurity.com/issue/wlb-2021110108", }, { trust: 0.6, url: "httpd-pathtrv-lazg68cz", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/22.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.theregister.co.uk/2021/10/11/in_brief_security/", }, { trust: 0.1, url: "https://github.com/adamanti1/cve-2021-41773_vulnerable-service", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22721", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28614", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-31813", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-29404", }, { trust: 0.1, url: "https://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-44790", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28615", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-30522", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-41524", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-44224", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22719", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-40438", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-30556", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-42013", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-36160", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-34798", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-23943", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-39275", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-22720", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-33193", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-26377", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-03222", }, { db: "VULMON", id: "CVE-2021-41773", }, { db: "PACKETSTORM", id: "168072", }, { db: "CNNVD", id: "CNNVD-202109-1907", }, { db: "NVD", id: "CVE-2021-41773", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-03222", }, { db: "VULMON", id: "CVE-2021-41773", }, { db: "PACKETSTORM", id: "168072", }, { db: "CNNVD", id: "CNNVD-202109-1907", }, { db: "NVD", id: "CVE-2021-41773", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-12T00:00:00", db: "CNVD", id: "CNVD-2022-03222", }, { date: "2021-10-05T00:00:00", db: "VULMON", id: "CVE-2021-41773", }, { date: "2022-08-15T16:02:48", db: "PACKETSTORM", id: "168072", }, { date: "2021-09-29T00:00:00", db: "CNNVD", id: "CNNVD-202109-1907", }, { date: "2021-10-05T09:15:07.593000", db: "NVD", id: "CVE-2021-41773", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-01-13T00:00:00", db: "CNVD", id: "CNVD-2022-03222", }, { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2021-41773", }, { date: "2022-08-16T00:00:00", db: "CNNVD", id: "CNNVD-202109-1907", }, { date: "2024-11-21T06:26:44.420000", db: "NVD", id: "CVE-2021-41773", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "168072", }, { db: "CNNVD", id: "CNNVD-202109-1907", }, ], trust: 0.7, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache HTTP Server Path Traversal Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2022-03222", }, { db: "CNNVD", id: "CNNVD-202109-1907", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "path traversal", sources: [ { db: "CNNVD", id: "CNNVD-202109-1907", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.