{ "Name": "Apache 2.4.49 2.4.50 Path Traversal (CVE-2021-42013)", "Description": "

Apache is web server software.

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by \"require all denied\", these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts, which may lead to remote code execution by an attacker.

", "Product": "Apache", "Homepage": "https://apache.org/", "DisclosureDate": "2021-10-08", "Author": "keeeee", "FofaQuery": "banner=\"apache/2.4.50\" || banner=\"apache/2.4.49\"", "GobyQuery": "banner=\"apache/2.4.50\" || banner=\"apache/2.4.49\"", "Level": "2", "Impact": "

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by \"require all denied\", these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts, which may lead to remote code execution by an attacker.

", "Translation": { "CN": { "Name": "Apache 2.4.49 2.4.50 Directory Traversal Vulnerability (CVE-2021-41773)", "VulType": [ "目录遍历" ], "Tags": [ "目录遍历" ], "Description": "

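Apache is web server software.

The fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a directory traversal attack to map URLs to files outside the expected document root. If files outside the document root are not protected by \"require all denied\", these requests can succeed. In addition, this flaw could leak the source of interpreted files such as CGI scripts, which may in turn allow an attacker to achieve remote code execution.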

", "Impact": "

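The fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a directory traversal attack to map URLs to files outside the expected document root. If files outside the document root are not protected by \"require all denied\", these requests can succeed. In addition, this flaw could leak the source of interpreted files such as CGI scripts, which may in turn allow an attacker to achieve remote code execution.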

", "Product": "Apache", "Recommendation": "

The vendor has released a fix for the vulnerability; please watch for updates: https://httpd.apache.org/security/vulnerabilities_24.html

" }, "EN": { "Name": "Apache 2.4.49 2.4.50 Path Traversal (CVE-2021-41773)", "VulType": [ "path-traversal" ], "Tags": [ "path-traversal" ], "Description": "

Apache is web server software.

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by \"require all denied\", these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts, which may lead to remote code execution by an attacker.

", "Impact": "

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by \"require all denied\", these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts, which may lead to remote code execution by an attacker.

", "Product": "Apache", "Recommendation": "

The vendor has released a fix; please watch for and apply the update promptly: https://httpd.apache.org/security/vulnerabilities_24.html

1. Set access policies and whitelist access through security devices such as firewalls.

2. Upgrade the Apache system version.

" } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-41773", "https://twitter.com/roman_soft/status/1446252280597078024" ], "HasExp": true, "ExpParams": [ { "name": "filename", "type": "input", "value": "/etc/passwd" } ], "ExpTips": null, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [] } ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [] } ], "Tags": [ "path-traversal" ], "VulType": [ "path-traversal" ], "CVEIDs": [ "CVE-2021-41773" ], "CVSSScore": "9.0", "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": [ "Apache" ], "Hardware": null }, "CNNVD": [], "CNVD": [], "Recommandation": "

The vendor has released a fix; please watch for and apply the update promptly: https://httpd.apache.org/security/vulnerabilities_24.html

" }