ID

VAR-202110-1691


CVE

CVE-2021-41773


TITLE

Apache HTTP Server Path Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-03222 // CNNVD: CNNVD-202109-1907

DESCRIPTION

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. The server is fast, reliable and extensible through a simple API. This vulnerability is caused by the fact that the ap_normalize_path function is not strictly verified after the introduction of the function. Attackers can use this vulnerability to obtain sensitive information or control the target server. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-admin/apache-tools < 2.4.54 >= 2.4.54 2 www-servers/apache < 2.4.54 >= 2.4.54 Description ========== Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 1.62

sources: NVD: CVE-2021-41773 // CNVD: CNVD-2022-03222 // VULMON: CVE-2021-41773 // PACKETSTORM: 168072

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-03222

AFFECTED PRODUCTS

vendor:apachemodel:http serverscope:eqversion:2.4.49

Trust: 1.6

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.3

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

sources: CNVD: CNVD-2022-03222 // NVD: CVE-2021-41773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41773
value: HIGH

Trust: 1.0

CNVD: CNVD-2022-03222
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1907
value: HIGH

Trust: 0.6

VULMON: CVE-2021-41773
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-41773
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-03222
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-41773
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-03222 // VULMON: CVE-2021-41773 // CNNVD: CNNVD-202109-1907 // NVD: CVE-2021-41773

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

sources: NVD: CVE-2021-41773

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 168072 // CNNVD: CNNVD-202109-1907

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202109-1907

PATCH

title:Patch for Apache HTTP Server Path Traversal Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/313146

Trust: 0.6

title:Apache HTTP Server Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165581

Trust: 0.6

title:CVE-2021-41773url:https://github.com/ranggaggngntt/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/LudovicPatho/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/LayarKacaSiber/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/MazX0p/CVE-2021-41773

Trust: 0.1

title:lab-cve-2021-41773url:https://github.com/htrgouvea/lab-cve-2021-41773

Trust: 0.1

title: - url:https://github.com/dileepdkumar/LayarKacaSiber-CVE-2021-41773

Trust: 0.1

title:MASS_CVE-2021-41773url:https://github.com/i6c/MASS_CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/mightysai1997/CVE-2021-41773h

Trust: 0.1

title:CVE-2021-41773url:https://github.com/masahiro331/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/mightysai1997/CVE-2021-41773S

Trust: 0.1

title:cve-2021-41773url:https://github.com/walnutsecurity/cve-2021-41773

Trust: 0.1

title:cve-2021-41773-nseurl:https://github.com/TishcaTpx/cve-2021-41773-nse

Trust: 0.1

title:CVE-2021-41773url:https://github.com/BlueTeamSteve/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/noflowpls/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/1nhann/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/creadpag/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/MatanelGordon/docker-cve-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/ComdeyOverFlow/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/12345qwert123456/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773-POCurl:https://github.com/creadpag/CVE-2021-41773-POC

Trust: 0.1

title:mass_cve-2021-41773url:https://github.com/justakazh/mass_cve-2021-41773

Trust: 0.1

title: - url:https://github.com/mightysai1997/CVE-2021-41773-PoC

Trust: 0.1

title:cve-2021-41773-nseurl:https://github.com/creadpag/cve-2021-41773-nse

Trust: 0.1

title:apache_normalize_pathurl:https://github.com/Zeop-CyberSec/apache_normalize_path

Trust: 0.1

title:CVE-2021-41773url:https://github.com/b1tsec/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773-PoCurl:https://github.com/habibiefaried/CVE-2021-41773-PoC

Trust: 0.1

title:CVE-2021-41773url:https://github.com/oxctdev/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/blasty/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/0xRar/CVE-2021-41773

Trust: 0.1

title:Poc-CVE-2021-41773url:https://github.com/LetouRaphael/Poc-CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/spiderz0ne/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773-PoCurl:https://github.com/lorddemon/CVE-2021-41773-PoC

Trust: 0.1

title:POC-CVE-2021-41773url:https://github.com/kubota/POC-CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/WynSon/CVE-2021-41773

Trust: 0.1

title:unix-v7-uucp-chkpth-bugurl:https://github.com/mahtin/unix-v7-uucp-chkpth-bug

Trust: 0.1

title:CVE-2021-41773url:https://github.com/AssassinUKG/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/Adamanti1/CVE-2021-41773_Vulnerable-service

Trust: 0.1

title: - url:https://github.com/iosifache/ApacheRCEEssay

Trust: 0.1

title:PATCH-CVE-2021-41773url:https://github.com/fastAsF/PATCH-CVE-2021-41773

Trust: 0.1

title:cve-2021-41773url:https://github.com/mohwahyudi/cve-2021-41773

Trust: 0.1

title:Simple-CVE-2021-41773-checkerurl:https://github.com/jheeree/Simple-CVE-2021-41773-checker

Trust: 0.1

title: - url:https://github.com/retrymp3/apache2.4.49VulnerableLabSetup

Trust: 0.1

title: - url:https://github.com/TheKernelPanic/exploit-apache2-cve-2021-41773

Trust: 0.1

title: - url:https://github.com/maennis/cybersecurity-reports

Trust: 0.1

title: - url:https://github.com/luismede/apache2.4.49-exploit

Trust: 0.1

title: - url:https://github.com/sergiovks/LFI-RCE-Unauthenticated-Apache-2.4.49-2.4.50

Trust: 0.1

title: - url:https://github.com/Fireeeeeeee/Web-API-Security-Detection-System

Trust: 0.1

title:ctf-zup-2021-2url:https://github.com/leoplana/ctf-zup-2021-2

Trust: 0.1

title: - url:https://github.com/libraloge/trysomething

Trust: 0.1

title:ProofofExploiturl:https://github.com/5h1nN/ProofofExploit

Trust: 0.1

title:CVE-2021-41773url:https://github.com/r00tVen0m/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/xMohamed0/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773-exerciseurl:https://github.com/m96dg/CVE-2021-41773-exercise

Trust: 0.1

title: - url:https://github.com/not-matthias/sigflag-ctf

Trust: 0.1

title:CVE-2021-41773_Exploiturl:https://github.com/Ming119/CVE-2021-41773_Exploit

Trust: 0.1

title:CVE-2021-41773url:https://github.com/Sakura-nee/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/thehackersbrain/CVE-2021-41773

Trust: 0.1

title:One-Liner-Scriptsurl:https://github.com/litt1eb0yy/One-Liner-Scripts

Trust: 0.1

title:CVE-2021-41773url:https://github.com/ajdumanhug/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/K3ysTr0K3R/CVE-2021-41773-EXPLOIT

Trust: 0.1

title:apache2.4.49-exploiturl:https://github.com/lu1sjddk/apache2.4.49-exploit

Trust: 0.1

title:CVE-2021-41773url:https://github.com/PentesterGuruji/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/Iris288/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/wolf1892/CVE-2021-41773

Trust: 0.1

title:Reserch-CVE-2021-41773url:https://github.com/DoTuan1/Reserch-CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773-RCEurl:https://github.com/fnatalucci/CVE-2021-41773-RCE

Trust: 0.1

title: - url:https://github.com/mightysai1997/CVE-2021-41773-L-

Trust: 0.1

title:CVE-2021-41773url:https://github.com/KAB8345/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/12345qwert123456/CVE-2021-41773_Vulnerable-service

Trust: 0.1

title: - url:https://github.com/hab1b0x/CVE-2021-41773

Trust: 0.1

title:POC-CVE-2021-41773url:https://github.com/TishcaTpx/POC-CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773-PoCurl:https://github.com/anonsecteaminc/CVE-2021-41773-PoC

Trust: 0.1

title:CVE-2021-41773url:https://github.com/scarmandef/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/EagleTube/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/elihsane/CyberSecurityTaak-El-Jari

Trust: 0.1

title:CVE-2021-41773url:https://github.com/RyouYoo/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/itsecurityco/CVE-2021-41773

Trust: 0.1

title:Scanner-CVE-2021-41773url:https://github.com/vida00/Scanner-CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/mightysai1997/CVE-2021-41773m

Trust: 0.1

title: - url:https://github.com/vuongnv3389-sec/cve-2021-41773

Trust: 0.1

title:CVE-2021-41773url:https://github.com/TheLastVvV/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/Adamanti1/CVE-2021-41773-Vulnerable-service

Trust: 0.1

title:CVE-2021-41773url:https://github.com/Fa1c0n35/CVE-2021-41773

Trust: 0.1

title:Ethical-Hacking-Toolsurl:https://github.com/technovalley-aks/Ethical-Hacking-Tools

Trust: 0.1

title:akhan4uurl:https://github.com/akhan4u/akhan4u

Trust: 0.1

title:Vulhub_Expurl:https://github.com/N0el4kLs/Vulhub_Exp

Trust: 0.1

title: - url:https://github.com/anldori/CVE-2021-41773-Scanner

Trust: 0.1

title:CVE-2021-41773url:https://github.com/puckiestyle/CVE-2021-41773

Trust: 0.1

title:CVE-Exploitsurl:https://github.com/AkshayraviC09YC47/CVE-Exploits

Trust: 0.1

title:vulnerable_docker_apache_2_4_49url:https://github.com/m96dg/vulnerable_docker_apache_2_4_49

Trust: 0.1

title:GoHackToolsurl:https://github.com/0e0w/GoHackTools

Trust: 0.1

title:CVE-2021-41773url:https://github.com/mauricelambert/CVE-2021-41773

Trust: 0.1

title:CVE-2021-41773-exploiterurl:https://github.com/norrig/CVE-2021-41773-exploiter

Trust: 0.1

title:CVE-2021-41773-exploiturl:https://github.com/vinhjaxt/CVE-2021-41773-exploit

Trust: 0.1

title: - url:https://github.com/luisjddk/apache2.4.49-exploit

Trust: 0.1

title:CVE-2021-41773url:https://github.com/the29a/CVE-2021-41773

Trust: 0.1

title: - url:https://github.com/mightysai1997/CVE-2021-41773.git1

Trust: 0.1

title: - url:https://github.com/francescoblefari/progetto_tesi_magistrale

Trust: 0.1

title: - url:https://github.com/cyberanand1337x/apache-latest-exploit

Trust: 0.1

title: - url:https://github.com/Plunder283/CVE-2021-41773

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2021/10/11/in_brief_security/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/apache-emergency-update-fixes-incomplete-patch-for-exploited-bug/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2021/10/06/apache_web_server_data_patch/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/actively-exploited-apache-0-day-also-allows-remote-code-execution/

Trust: 0.1

title:Threatposturl:https://threatpost.com/apache-web-server-zero-day-sensitive-data/175340/

Trust: 0.1

sources: CNVD: CNVD-2022-03222 // VULMON: CVE-2021-41773 // CNNVD: CNNVD-202109-1907

EXTERNAL IDS

db:NVDid:CVE-2021-41773

Trust: 2.4

db:OPENWALLid:OSS-SECURITY/2021/10/15/3

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/07/6

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/09/1

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/08/4

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/08/3

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/16/1

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/11/4

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/08/2

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/08/6

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/07/1

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/05/2

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/08/5

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/10/08/1

Trust: 1.7

db:PACKETSTORMid:164941

Trust: 1.7

db:PACKETSTORMid:164629

Trust: 1.7

db:PACKETSTORMid:164418

Trust: 1.7

db:PACKETSTORMid:168072

Trust: 0.7

db:CNVDid:CNVD-2022-03222

Trust: 0.6

db:AUSCERTid:ESB-2021.3348

Trust: 0.6

db:AUSCERTid:ESB-2021.3287

Trust: 0.6

db:EXPLOIT-DBid:50383

Trust: 0.6

db:CS-HELPid:SB2021101513

Trust: 0.6

db:CS-HELPid:SB2021100601

Trust: 0.6

db:CS-HELPid:SB2021100802

Trust: 0.6

db:CXSECURITYid:WLB-2021110108

Trust: 0.6

db:CNNVDid:CNNVD-202109-1907

Trust: 0.6

db:VULMONid:CVE-2021-41773

Trust: 0.1

sources: CNVD: CNVD-2022-03222 // VULMON: CVE-2021-41773 // PACKETSTORM: 168072 // CNNVD: CNNVD-202109-1907 // NVD: CVE-2021-41773

REFERENCES

url:http://packetstormsecurity.com/files/164418/apache-http-server-2.4.49-path-traversal-remote-code-execution.html

Trust: 2.3

url:http://packetstormsecurity.com/files/164629/apache-2.4.49-2.4.50-traversal-remote-code-execution.html

Trust: 2.3

url:http://packetstormsecurity.com/files/164941/apache-http-server-2.4.50-remote-code-execution.html

Trust: 2.3

url:https://security.gentoo.org/glsa/202208-20

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2021/10/05/2

Trust: 1.7

url:http://packetstormsecurity.com/files/164418/apache-http-server-2.4.49-path-traversal.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/07/1

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/07/6

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/08/1

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/08/2

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/08/4

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/08/3

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/08/6

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/08/5

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/09/1

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/11/4

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/15/3

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/10/16/1

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20211029-0009/

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-41773

Trust: 1.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-

Trust: 1.2

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.1

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-pathtrv-lazg68cz

Trust: 1.1

url:https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3cusers.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3cannounce.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3cannounce.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3cusers.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rmiiefinl6fuiopd2a3m5xc6dh45y3cc/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ws5rvhoiirecg65zbtzy7iejvwqsqpg3/

Trust: 1.1

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f@%3cusers.

Trust: 0.6

url:https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3cannounce.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45@%3cannounce.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3cusers.

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rmiiefinl6fuiopd2a3m5xc6dh45y3cc/

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ws5rvhoiirecg65zbtzy7iejvwqsqpg3/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-41773

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3348

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101513

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3287

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021100601

Trust: 0.6

url:https://www.exploit-db.com/exploits/50383

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021100802

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-http-server-2-4-49-directory-traversal-via-path-normalization-36592

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2021110108

Trust: 0.6

url:httpd-pathtrv-lazg68cz

Trust: 0.6

url:https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.theregister.co.uk/2021/10/11/in_brief_security/

Trust: 0.1

url:https://github.com/adamanti1/cve-2021-41773_vulnerable-service

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-31813

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29404

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40438

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30556

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-34798

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26377

Trust: 0.1

sources: CNVD: CNVD-2022-03222 // VULMON: CVE-2021-41773 // PACKETSTORM: 168072 // CNNVD: CNNVD-202109-1907 // NVD: CVE-2021-41773

CREDITS

Valentin Lobstein

Trust: 0.6

sources: CNNVD: CNNVD-202109-1907

SOURCES

db:CNVDid:CNVD-2022-03222
db:VULMONid:CVE-2021-41773
db:PACKETSTORMid:168072
db:CNNVDid:CNNVD-202109-1907
db:NVDid:CVE-2021-41773

LAST UPDATE DATE

2024-11-23T20:08:18.678000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-03222date:2022-01-13T00:00:00
db:VULMONid:CVE-2021-41773date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202109-1907date:2022-08-16T00:00:00
db:NVDid:CVE-2021-41773date:2024-11-21T06:26:44.420

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-03222date:2022-01-12T00:00:00
db:VULMONid:CVE-2021-41773date:2021-10-05T00:00:00
db:PACKETSTORMid:168072date:2022-08-15T16:02:48
db:CNNVDid:CNNVD-202109-1907date:2021-09-29T00:00:00
db:NVDid:CVE-2021-41773date:2021-10-05T09:15:07.593