
Apache HTTP Server 2.4.49 - 2.4.50 Directory Traversal / RCE Vulnerability - Active Check CVE-2021-42013

Severity
CVSSv3 Score: 9.8
Vulnerability description

Apache HTTP Server is prone to a directory traversal and a possible remote code execution (RCE) vulnerability.

Risk description

An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "Require all denied", these requests can succeed. Additionally, this flaw could leak the source of interpreted files such as CGI scripts. Note: If mod_cgi is enabled, this flaw can also be used by an attacker to achieve remote code execution (RCE).

Recommendation

Update to version 2.4.51 or later.
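
The following added example (not part of the original page or of the scanner's own check) audits a host for the three conditions named above: an affected version, a missing "Require all denied" on the filesystem root, and a loaded CGI module. The function names and sample configurations are constructed for illustration, and the parser assumes a single configuration text without Include handling.

```python
import re

AFFECTED = {(2, 4, 49), (2, 4, 50)}  # the two releases named in the page title

def parse_version(banner):
    """Return (major, minor, patch) from a Server header or `httpd -v` line."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(map(int, m.groups())) if m else None

def root_is_denied(conf_text):
    """True if a <Directory /> block contains 'Require all denied'."""
    in_root = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):  # comment lines never count
            continue
        if re.fullmatch(r'<Directory\s+"?/"?\s*>', line, re.I):
            in_root = True
        elif re.fullmatch(r"</Directory\s*>", line, re.I):
            in_root = False
        elif in_root and re.fullmatch(r"Require\s+all\s+denied", line, re.I):
            return True
    return False

def cgi_loaded(conf_text):
    """True if mod_cgi (or mod_cgid, checked here as well) is loaded."""
    return bool(re.search(r"^\s*LoadModule\s+cgid?_module\b", conf_text, re.I | re.M))

def audit(banner, conf_text):
    """List the exposure conditions from the risk description that apply."""
    findings = []
    version = parse_version(banner)
    if version in AFFECTED:
        findings.append("affected version %d.%d.%d: update to 2.4.51 or later" % version)
    if not root_is_denied(conf_text):
        findings.append("<Directory /> lacks 'Require all denied'")
    if cgi_loaded(conf_text):
        findings.append("CGI module loaded: traversal impact can extend to RCE")
    return findings

# Constructed sample inputs (not taken from any real host).
WEAK_CONF = """LoadModule cgi_module modules/mod_cgi.so
<Directory />
    Require all granted
</Directory>"""
HARDENED_CONF = WEAK_CONF.replace("LoadModule", "#LoadModule").replace("granted", "denied")

if __name__ == "__main__":
    for banner, conf in (("Apache/2.4.49 (Unix)", WEAK_CONF), ("Apache/2.4.51 (Unix)", HARDENED_CONF)):
        print(banner, audit(banner, conf))
```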

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Oct 7, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available