CVE-2021-41773 Scanner
Detects 'Path Traversal' vulnerability in Apache HTTP Server affects v. 2.4.49.
Short Info
Level
High
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Parent Category
CVE-2021-41773 Scanner Detail
Apache HTTP Server is an open-source web server software that is widely used across the internet in powering websites and web applications. It is commonly used in hosting platforms, content delivery networks, and popular web applications such as WordPress, Drupal and Joomla. Apache HTTP Server is renowned for its flexibility, security and compatibility with various operating systems, including Windows, Linux and macOS.
CVE-2021-41773 is the code given to a severe vulnerability that was identified in Apache HTTP Server 2.4.49. A flaw was detected in the path normalization during URL mapping, which could allow attackers to map URLs to files outside the folders configured by Alias-like directives. If CGI scripts are enabled for these aliased paths, the vulnerability could allow attackers to execute remote code. This vulnerability is known to be actively exploited by attackers.
Exploitation of CVE-2021-41773 could lead to catastrophic consequences for vulnerable web applications. Attackers can exploit this vulnerability to bypass access controls and access sensitive files outside the configured directories. Attackers can also execute arbitrary code on affected web servers, leading to complete compromise of the system and the theft of confidential data.
Thanks to the pro features of securityforeveryone.com, readers can easily learn about vulnerabilities in their digital assets. Securityforeveryone.com offers a user-friendly and intuitive platform for vulnerability scanning and detection across a variety of digital assets. It empowers businesses and individuals to stay ahead of cyber threats by providing comprehensive reports pinpointing vulnerabilities and providing step-by-step instructions to remediate detected vulnerabilities.
REFERENCES
- http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html
- http://www.openwall.com/lists/oss-security/2021/10/05/2
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f@%3Cusers.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45@%3Cannounce.apache.org%3E
control security posture