Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2021-41773

Last updated October 11, 2021
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Apache HTTPd是Apache基金会开源的一款流行的HTTP服务器。
2021年10月8日Apache HTTPd官方发布安全更新,披露了CVE-2021-42013 Apache HTTPd 2.4.49/2.4.50 路径穿越漏洞。由于对CVE-2021-41773 Apache HTTPd 2.4.49 路径穿越漏洞的修复不完善,攻击者可构造恶意请求绕过布丁,利用穿越漏洞读取到Web目录之外的其他文件。同时若Apache HTTPd开启了cgi支持,攻击者可构造恶意请求执行命令,控制服务器。阿里云应急响应中心提醒 Apache HTTPd 用户尽快采取安全措施阻止漏洞攻击。

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

References

Additional Info

Technical Analysis