CVE-2021-42013 Scanner

Apache HTTP Server is a popular open-source web server software used to host websites and web applications. It is known for its flexibility, stability, and security, and it is used by millions of websites around the world. The purpose of Apache HTTP Server is to provide a reliable and secure platform for serving content over the World Wide Web. It is designed to work across multiple operating systems and can be easily configured for many different use cases.

Recently, a vulnerability was detected in Apache HTTP Server 2.4.49 and 2.4.50, which can allow a remote attacker to execute arbitrary code on the server. The vulnerability is identified as CVE-2021-42013, and it allows an attacker to perform a path traversal attack, which causes URLs to map to files outside the directories that are configured by Alias-like directives.

When the vulnerability is exploited, an attacker can access files that are outside the configured directories, leading to a potential data breach. This can include sensitive files or scripts that contain user data, access credentials, or other confidential information. Furthermore, if CGI scripts are enabled for the affected paths, the attacker can execute arbitrary code on the server, leading to a complete compromise of the system.

At SecurityForEveryone.com, we provide a comprehensive platform for identifying, analyzing, and mitigating vulnerabilities in digital assets. Our pro features allow users to quickly and easily scan their web applications and servers for vulnerabilities, including CVE-2021-42013. With our platform, users can stay ahead of potential threats and protect their digital assets from unauthorized access, data breaches, and other security risks.

REFERENCES

• http://jvn.jp/en/jp/JVN51106450/index.html
• http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html
• http://www.openwall.com/lists/oss-security/2021/10/07/6
• http://www.openwall.com/lists/oss-security/2021/10/08/1
• http://www.openwall.com/lists/oss-security/2021/10/08/2
• http://www.openwall.com/lists/oss-security/2021/10/08/3
• http://www.openwall.com/lists/oss-security/2021/10/08/4
• http://www.openwall.com/lists/oss-security/2021/10/08/5
• http://www.openwall.com/lists/oss-security/2021/10/08/6
• http://www.openwall.com/lists/oss-security/2021/10/09/1
• http://www.openwall.com/lists/oss-security/2021/10/11/4
• http://www.openwall.com/lists/oss-security/2021/10/15/3
• http://www.openwall.com/lists/oss-security/2021/10/16/1
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3Cannounce.apache.org%3E
• https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3Cusers.httpd.apache.org%3E
• https://lists.fedoraproject.org/archives/list/[email protected]/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/
• https://lists.fedoraproject.org/archives/list/[email protected]/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ