Apache – CVE-2021-42013

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to a Path Traversal attack (CWE-22).
CVE-2021-42013 exists because the fix for a previous problem, CVE-2021-41773, was insufficient.

An attacker could use a Path Traversal attack to map URLs to files outside the directories that are configured by Alias-like directives.
If files outside of these directories are not protected by the usual default configuration “Require all denied”, these requests can succeed.
Remote code execution is also possible if CGI scripts are enabled for these aliased paths.

Remote attackers could abuse this Information Disclosure to obtain potentially sensitive information, assisting them in initiating attacks.

Recommendation

CVE-2021-42013 affects only Apache 2.4.49 and Apache 2.4.50, not earlier versions, so you can downgrade if you wish.

To properly fix this issue, upgrade the version of Apache HTTP Server being used to 2.4.51 or higher.
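The conditions described above (affected version, missing “Require all denied” on the filesystem root, CGI enabled) can be checked together. The following is an added example, not Kayran's or Apache's own code; the function names, result labels and sample input are assumptions made for illustration, and it reads a single configuration text without following Include directives.

```python
import re

AFFECTED = {"2.4.49", "2.4.50"}  # the only versions the advisory lists as affected

def parse_version(banner):
    """Pull x.y.z out of `httpd -v` output or a Server header; None if absent."""
    m = re.search(r"Apache/(\d+\.\d+\.\d+)", banner)
    return m.group(1) if m else None

def active_lines(conf):
    """Drop comment lines so commented-out directives are not counted."""
    return "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))

def root_denied(conf):
    """True if a <Directory /> block carries 'Require all denied'."""
    blocks = re.findall(r'<Directory\s+"?/"?\s*>(.*?)</Directory>', conf, re.S | re.I)
    return any(re.search(r"^\s*Require\s+all\s+denied\s*$", b, re.I | re.M) for b in blocks)

def cgi_enabled(conf):
    """Heuristic: a CGI module is loaded or a ScriptAlias is defined."""
    return bool(re.search(r"^\s*(LoadModule\s+cgid?_module|ScriptAlias\s)", conf, re.I | re.M))

def audit(banner, conf):
    """Classify a server against the conditions in the advisory."""
    version = parse_version(banner)
    if version is None:
        return "unknown-version"
    if version not in AFFECTED:
        return "not-affected"
    conf = active_lines(conf)
    if root_denied(conf):
        return "affected-upgrade"  # default deny in place, upgrade is still required
    return "affected-rce-possible" if cgi_enabled(conf) else "affected-file-disclosure"

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "Server version: Apache/2.4.50 (Unix)"
SAMPLE_CONF = """\
LoadModule cgid_module modules/mod_cgid.so
<Directory />
    AllowOverride none
    Require all granted
</Directory>
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
"""

if __name__ == "__main__":
    print(audit(SAMPLE_BANNER, SAMPLE_CONF))
```

Any result beginning with `affected` still calls for the upgrade to 2.4.51 or higher; the label only indicates how exposed the current configuration is.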

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013

https://cwe.mitre.org/data/definitions/22.html
