Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

Apache HTTPd 2.4.49/2.4.50 路径穿越漏洞

Last updated October 11, 2021
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Apache HTTPd是Apache基金会开源的一款流行的HTTP服务器。
2021年10月8日Apache HTTPd官方发布安全更新,披露了CVE-2021-42013 Apache HTTPd 2.4.49/2.4.50 路径穿越漏洞。由于对CVE-2021-41773 Apache HTTPd 2.4.49 路径穿越漏洞的修复不完善,攻击者可构造恶意请求绕过布丁,利用穿越漏洞读取到Web目录之外的其他文件。同时若Apache HTTPd开启了cgi支持,攻击者可构造恶意请求执行命令,控制服务器。阿里云应急响应中心提醒 Apache HTTPd 用户尽快采取安全措施阻止漏洞攻击。

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Exploited in the Wild

Reported by:

References

Exploit
PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.

Additional Info

Technical Analysis