Details of VAR-202110-1691

ID

VAR-202110-1691

CVE

CVE-2021-41773

TITLE

Apache HTTP Server Path Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-03222 // CNNVD: CNNVD-202109-1907

DESCRIPTION

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. The server is fast, reliable and extensible through a simple API. This vulnerability is caused by the fact that the ap_normalize_path function is not strictly verified after the introduction of the function. Attackers can use this vulnerability to obtain sensitive information or control the target server. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-admin/apache-tools < 2.4.54 >= 2.4.54 2 www-servers/apache < 2.4.54 >= 2.4.54 Description ========== Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 1.62

sources: NVD: CVE-2021-41773 // CNVD: CNVD-2022-03222 // VULMON: CVE-2021-41773 // PACKETSTORM: 168072

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-03222

AFFECTED PRODUCTS

vendor:	apache	model:	http server	scope:	eq	version:	2.4.49	Trust: 1.6
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.3	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0

sources: CNVD: CNVD-2022-03222 // NVD: CVE-2021-41773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-41773
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-03222
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1907
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-41773
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-41773
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-03222
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-41773
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-03222 // VULMON: CVE-2021-41773 // CNNVD: CNNVD-202109-1907 // NVD: CVE-2021-41773

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.0

sources: NVD: CVE-2021-41773

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 168072 // CNNVD: CNNVD-202109-1907

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202109-1907

PATCH

title:	Patch for Apache HTTP Server Path Traversal Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/313146	Trust: 0.6
title:	Apache HTTP Server Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165581	Trust: 0.6
title:	CVE-2021-41773	url:	https://github.com/ranggaggngntt/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/LudovicPatho/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/LayarKacaSiber/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/MazX0p/CVE-2021-41773	Trust: 0.1
title:	lab-cve-2021-41773	url:	https://github.com/htrgouvea/lab-cve-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/dileepdkumar/LayarKacaSiber-CVE-2021-41773	Trust: 0.1
title:	MASS_CVE-2021-41773	url:	https://github.com/i6c/MASS_CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/mightysai1997/CVE-2021-41773h	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/masahiro331/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/mightysai1997/CVE-2021-41773S	Trust: 0.1
title:	cve-2021-41773	url:	https://github.com/walnutsecurity/cve-2021-41773	Trust: 0.1
title:	cve-2021-41773-nse	url:	https://github.com/TishcaTpx/cve-2021-41773-nse	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/BlueTeamSteve/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/noflowpls/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/1nhann/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/creadpag/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/MatanelGordon/docker-cve-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/ComdeyOverFlow/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/12345qwert123456/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773-POC	url:	https://github.com/creadpag/CVE-2021-41773-POC	Trust: 0.1
title:	mass_cve-2021-41773	url:	https://github.com/justakazh/mass_cve-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/mightysai1997/CVE-2021-41773-PoC	Trust: 0.1
title:	cve-2021-41773-nse	url:	https://github.com/creadpag/cve-2021-41773-nse	Trust: 0.1
title:	apache_normalize_path	url:	https://github.com/Zeop-CyberSec/apache_normalize_path	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/b1tsec/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773-PoC	url:	https://github.com/habibiefaried/CVE-2021-41773-PoC	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/oxctdev/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/blasty/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/0xRar/CVE-2021-41773	Trust: 0.1
title:	Poc-CVE-2021-41773	url:	https://github.com/LetouRaphael/Poc-CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/spiderz0ne/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773-PoC	url:	https://github.com/lorddemon/CVE-2021-41773-PoC	Trust: 0.1
title:	POC-CVE-2021-41773	url:	https://github.com/kubota/POC-CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/WynSon/CVE-2021-41773	Trust: 0.1
title:	unix-v7-uucp-chkpth-bug	url:	https://github.com/mahtin/unix-v7-uucp-chkpth-bug	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/AssassinUKG/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/Adamanti1/CVE-2021-41773_Vulnerable-service	Trust: 0.1
title:	-	url:	https://github.com/iosifache/ApacheRCEEssay	Trust: 0.1
title:	PATCH-CVE-2021-41773	url:	https://github.com/fastAsF/PATCH-CVE-2021-41773	Trust: 0.1
title:	cve-2021-41773	url:	https://github.com/mohwahyudi/cve-2021-41773	Trust: 0.1
title:	Simple-CVE-2021-41773-checker	url:	https://github.com/jheeree/Simple-CVE-2021-41773-checker	Trust: 0.1
title:	-	url:	https://github.com/retrymp3/apache2.4.49VulnerableLabSetup	Trust: 0.1
title:	-	url:	https://github.com/TheKernelPanic/exploit-apache2-cve-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/maennis/cybersecurity-reports	Trust: 0.1
title:	-	url:	https://github.com/luismede/apache2.4.49-exploit	Trust: 0.1
title:	-	url:	https://github.com/sergiovks/LFI-RCE-Unauthenticated-Apache-2.4.49-2.4.50	Trust: 0.1
title:	-	url:	https://github.com/Fireeeeeeee/Web-API-Security-Detection-System	Trust: 0.1
title:	ctf-zup-2021-2	url:	https://github.com/leoplana/ctf-zup-2021-2	Trust: 0.1
title:	-	url:	https://github.com/libraloge/trysomething	Trust: 0.1
title:	ProofofExploit	url:	https://github.com/5h1nN/ProofofExploit	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/r00tVen0m/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/xMohamed0/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773-exercise	url:	https://github.com/m96dg/CVE-2021-41773-exercise	Trust: 0.1
title:	-	url:	https://github.com/not-matthias/sigflag-ctf	Trust: 0.1
title:	CVE-2021-41773_Exploit	url:	https://github.com/Ming119/CVE-2021-41773_Exploit	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/Sakura-nee/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/thehackersbrain/CVE-2021-41773	Trust: 0.1
title:	One-Liner-Scripts	url:	https://github.com/litt1eb0yy/One-Liner-Scripts	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/ajdumanhug/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/K3ysTr0K3R/CVE-2021-41773-EXPLOIT	Trust: 0.1
title:	apache2.4.49-exploit	url:	https://github.com/lu1sjddk/apache2.4.49-exploit	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/PentesterGuruji/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/Iris288/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/wolf1892/CVE-2021-41773	Trust: 0.1
title:	Reserch-CVE-2021-41773	url:	https://github.com/DoTuan1/Reserch-CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773-RCE	url:	https://github.com/fnatalucci/CVE-2021-41773-RCE	Trust: 0.1
title:	-	url:	https://github.com/mightysai1997/CVE-2021-41773-L-	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/KAB8345/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/12345qwert123456/CVE-2021-41773_Vulnerable-service	Trust: 0.1
title:	-	url:	https://github.com/hab1b0x/CVE-2021-41773	Trust: 0.1
title:	POC-CVE-2021-41773	url:	https://github.com/TishcaTpx/POC-CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773-PoC	url:	https://github.com/anonsecteaminc/CVE-2021-41773-PoC	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/scarmandef/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/EagleTube/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/elihsane/CyberSecurityTaak-El-Jari	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/RyouYoo/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/itsecurityco/CVE-2021-41773	Trust: 0.1
title:	Scanner-CVE-2021-41773	url:	https://github.com/vida00/Scanner-CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/mightysai1997/CVE-2021-41773m	Trust: 0.1
title:	-	url:	https://github.com/vuongnv3389-sec/cve-2021-41773	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/TheLastVvV/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/Adamanti1/CVE-2021-41773-Vulnerable-service	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/Fa1c0n35/CVE-2021-41773	Trust: 0.1
title:	Ethical-Hacking-Tools	url:	https://github.com/technovalley-aks/Ethical-Hacking-Tools	Trust: 0.1
title:	akhan4u	url:	https://github.com/akhan4u/akhan4u	Trust: 0.1
title:	Vulhub_Exp	url:	https://github.com/N0el4kLs/Vulhub_Exp	Trust: 0.1
title:	-	url:	https://github.com/anldori/CVE-2021-41773-Scanner	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/puckiestyle/CVE-2021-41773	Trust: 0.1
title:	CVE-Exploits	url:	https://github.com/AkshayraviC09YC47/CVE-Exploits	Trust: 0.1
title:	vulnerable_docker_apache_2_4_49	url:	https://github.com/m96dg/vulnerable_docker_apache_2_4_49	Trust: 0.1
title:	GoHackTools	url:	https://github.com/0e0w/GoHackTools	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/mauricelambert/CVE-2021-41773	Trust: 0.1
title:	CVE-2021-41773-exploiter	url:	https://github.com/norrig/CVE-2021-41773-exploiter	Trust: 0.1
title:	CVE-2021-41773-exploit	url:	https://github.com/vinhjaxt/CVE-2021-41773-exploit	Trust: 0.1
title:	-	url:	https://github.com/luisjddk/apache2.4.49-exploit	Trust: 0.1
title:	CVE-2021-41773	url:	https://github.com/the29a/CVE-2021-41773	Trust: 0.1
title:	-	url:	https://github.com/mightysai1997/CVE-2021-41773.git1	Trust: 0.1
title:	-	url:	https://github.com/francescoblefari/progetto_tesi_magistrale	Trust: 0.1
title:	-	url:	https://github.com/cyberanand1337x/apache-latest-exploit	Trust: 0.1
title:	-	url:	https://github.com/Plunder283/CVE-2021-41773	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2021/10/11/in_brief_security/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/apache-emergency-update-fixes-incomplete-patch-for-exploited-bug/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2021/10/06/apache_web_server_data_patch/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/actively-exploited-apache-0-day-also-allows-remote-code-execution/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/apache-web-server-zero-day-sensitive-data/175340/	Trust: 0.1

sources: CNVD: CNVD-2022-03222 // VULMON: CVE-2021-41773 // CNNVD: CNNVD-202109-1907

EXTERNAL IDS

db:	NVD	id:	CVE-2021-41773	Trust: 2.4
db:	OPENWALL	id:	OSS-SECURITY/2021/10/15/3	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/07/6	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/09/1	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/08/4	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/08/3	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/16/1	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/11/4	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/08/2	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/08/6	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/07/1	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/05/2	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/08/5	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/10/08/1	Trust: 1.7
db:	PACKETSTORM	id:	164941	Trust: 1.7
db:	PACKETSTORM	id:	164629	Trust: 1.7
db:	PACKETSTORM	id:	164418	Trust: 1.7
db:	PACKETSTORM	id:	168072	Trust: 0.7
db:	CNVD	id:	CNVD-2022-03222	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3348	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3287	Trust: 0.6
db:	EXPLOIT-DB	id:	50383	Trust: 0.6
db:	CS-HELP	id:	SB2021101513	Trust: 0.6
db:	CS-HELP	id:	SB2021100601	Trust: 0.6
db:	CS-HELP	id:	SB2021100802	Trust: 0.6
db:	CXSECURITY	id:	WLB-2021110108	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1907	Trust: 0.6
db:	VULMON	id:	CVE-2021-41773	Trust: 0.1

sources: CNVD: CNVD-2022-03222 // VULMON: CVE-2021-41773 // PACKETSTORM: 168072 // CNNVD: CNNVD-202109-1907 // NVD: CVE-2021-41773

REFERENCES

url:	http://packetstormsecurity.com/files/164418/apache-http-server-2.4.49-path-traversal-remote-code-execution.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/164629/apache-2.4.49-2.4.50-traversal-remote-code-execution.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/164941/apache-http-server-2.4.50-remote-code-execution.html	Trust: 2.3
url:	https://security.gentoo.org/glsa/202208-20	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/10/05/2	Trust: 1.7
url:	http://packetstormsecurity.com/files/164418/apache-http-server-2.4.49-path-traversal.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/07/1	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/07/6	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/08/1	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/08/2	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/08/4	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/08/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/08/6	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/08/5	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/09/1	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/11/4	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/15/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/10/16/1	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20211029-0009/	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41773	Trust: 1.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-	Trust: 1.2
url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 1.1
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-pathtrv-lazg68cz	Trust: 1.1
url:	https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3cusers.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3cannounce.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3cannounce.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3cusers.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rmiiefinl6fuiopd2a3m5xc6dh45y3cc/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ws5rvhoiirecg65zbtzy7iejvwqsqpg3/	Trust: 1.1
url:	httpd.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f@%3cusers.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3cannounce.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45@%3cannounce.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3cusers.	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rmiiefinl6fuiopd2a3m5xc6dh45y3cc/	Trust: 0.6
url:	httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ws5rvhoiirecg65zbtzy7iejvwqsqpg3/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-41773	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3348	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101513	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3287	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100601	Trust: 0.6
url:	https://www.exploit-db.com/exploits/50383	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100802	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-http-server-2-4-49-directory-traversal-via-path-normalization-36592	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2021110108	Trust: 0.6
url:	httpd-pathtrv-lazg68cz	Trust: 0.6
url:	https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.theregister.co.uk/2021/10/11/in_brief_security/	Trust: 0.1
url:	https://github.com/adamanti1/cve-2021-41773_vulnerable-service	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28614	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31813	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29404	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28615	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40438	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30556	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42013	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36160	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34798	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39275	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33193	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26377	Trust: 0.1

sources: CNVD: CNVD-2022-03222 // VULMON: CVE-2021-41773 // PACKETSTORM: 168072 // CNNVD: CNNVD-202109-1907 // NVD: CVE-2021-41773

CREDITS

Valentin Lobstein

Trust: 0.6

sources: CNNVD: CNNVD-202109-1907

SOURCES

db:	CNVD	id:	CNVD-2022-03222
db:	VULMON	id:	CVE-2021-41773
db:	PACKETSTORM	id:	168072
db:	CNNVD	id:	CNNVD-202109-1907
db:	NVD	id:	CVE-2021-41773

LAST UPDATE DATE

2024-08-14T12:17:57.351000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-03222	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-41773	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202109-1907	date:	2022-08-16T00:00:00
db:	NVD	id:	CVE-2021-41773	date:	2024-07-26T19:40:13.757

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-03222	date:	2022-01-12T00:00:00
db:	VULMON	id:	CVE-2021-41773	date:	2021-10-05T00:00:00
db:	PACKETSTORM	id:	168072	date:	2022-08-15T16:02:48
db:	CNNVD	id:	CNNVD-202109-1907	date:	2021-09-29T00:00:00
db:	NVD	id:	CVE-2021-41773	date:	2021-10-05T09:15:07.593