PT-2021-4294 · Apache +1 · Apache Http Server +1

Published 2021-10-04 · Updated 2025-12-14 · CVE-2021-41773

CVSS v2.0: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.4.49 and 2.4.50
Apache HTTP Server version 2.4.49

Description

A path traversal flaw was discovered in Apache HTTP Server 2.4.49. An attacker can exploit this to map URLs to files outside of configured directories. If files outside these directories are not protected by default configurations, requests can succeed. Enabling CGI scripts for these aliased paths could allow for remote code execution. This issue is actively exploited in the wild. The initial fix in version 2.4.50 was incomplete.

Recommendations

Upgrade to a version later than 2.4.50.

Exploit

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

ALSA-2021_3816
ALSA-2022_0891
ALSA-2022_1915
ALT-PU-2021-2994
ALT-PU-2021-3018
ALT-PU-2021-3037
ALT-PU-2021-3060
BDU:2021-04903
BIT-APACHE-2021-41773
CVE-2021-41773
MGASA-2021-0461
OPENSUSE-SU-2024:11560-1
RHSA-2021_3816
RHSA-2021_3856
RHSA-2022_0143
RHSA-2022_0891
RHSA-2022_1915

Affected Products

Alt Linux
Apache Http Server