The instance of Apache HTTP Server running on the remote host is affected by a path traversal vulnerability. A remote, unauthenticated attacker can exploit this issue, via a specially crafted HTTP request, to access arbitrary files on the remote host.

Binary data apache_2_4_50_path_traversal.nbin

VendorProductVersionCPE
apachehttp_servercpe:/a:apache:http_server
apachehttpdcpe:/a:apache:httpd

Vendor	Product	Version	CPE
apache	http_server		cpe:/a:apache:http_server
apache	httpd		cpe:/a:apache:httpd

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013

httpd.apache.org/security/vulnerabilities_24.html

dsquare 2

veracode 1

githubexploit 31

hackerone 3

zdt 5

openvas 9

altlinux 2

packetstorm 4

kaspersky 1

exploitdb 3

thn 2

rapid7blog 2

freebsd 1

fedora 2

prion 2

nvd 2

alpinelinux 2

httpd 1

ubuntucve 2

ibm 1

cisa_kev 2

osv 4

nuclei 2

cvelist 2

cve 2

nessus 5

metasploit 2

cisa 2

debiancve 2

attackerkb 3

checkpoint_advisories 1

f5 1

jvn 1

mageia 1

redhatcve 1

slackware 1

archlinux 1

impervablog 1

qualysblog 3

malwarebytes 1

photon 2

cisco 1

trellix 2

amazon 2

gentoo 1

ics 2

mssecure 1

mmpc 1

oracle 2

dsquare

Apache 2.4.50 RCE

2021-10-08 00:00:00

Apache 2.4.50 Path Traversal

2021-10-08 00:00:00

veracode

Path Traversal

2021-10-08 21:08:53

githubexploit

Exploit for Path Traversal in Apache Http Server

2021-10-20 15:32:39

Exploit for Path Traversal in Apache Http Server

2021-11-14 14:58:26

Exploit for CVE-2021-42013

2022-07-28 09:21:50

hackerone

Internet Bug Bounty: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.50

2021-11-18 21:56:01

Internet Bug Bounty: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

2021-11-08 21:47:54

Internet Bug Bounty: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)

2021-11-14 23:54:06

zdt

Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution Vulnerabilities

2021-10-13 00:00:00

Apache HTTP Server 2.4.50 - Remote Code Execution Exploit (2)

2021-10-25 00:00:00

Apache 2.4.50 Remote Code Execution Exploit

2022-06-07 00:00:00

openvas

Apache HTTP Server 2.4.49 - 2.4.50 Directory Traversal / RCE Vulnerability - Active Check

2021-10-08 00:00:00

Slackware: Security Advisory (SSA:2021-280-01)

2022-04-21 00:00:00

Apache HTTP Server 2.4.49 - 2.4.50 Directory Traversal / RCE Vulnerability - Windows

2021-10-08 00:00:00

altlinux

Security fix for the ALT Linux 9 package apache2 version 1:2.4.51-alt1

2021-10-13 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.51-alt1

2021-10-11 00:00:00

packetstorm

Apache HTTP Server 2.4.50 Path Traversal / Code Execution

2021-10-13 00:00:00

Apache HTTP Server 2.4.50 Remote Code Execution

2021-10-24 00:00:00

Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution

2021-10-25 00:00:00

kaspersky

KLA12372 RCE vulnerability in Apache HTTP Server

2021-10-07 00:00:00

exploitdb

Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)

2021-10-13 00:00:00

Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2)

2021-10-25 00:00:00

Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)

2021-11-11 00:00:00

thn

New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks

2021-10-08 04:47:00

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

2022-12-22 09:39:00

rapid7blog

Apache HTTP Server CVE-2021-41773 Exploited in the Wild

2021-10-06 16:42:32

Metasploit Wrap-Up

2021-10-29 17:59:46

freebsd

Apache httpd -- Path Traversal and Remote Code Execution

2021-10-07 00:00:00

fedora

[SECURITY] Fedora 34 Update: httpd-2.4.51-1.fc34

2021-10-12 23:46:03

[SECURITY] Fedora 35 Update: httpd-2.4.51-2.fc35

2021-10-15 00:50:08

prion

Path traversal

2021-10-05 09:15:00

Path traversal

2021-10-07 16:15:00

nvd

CVE-2021-42013

2021-10-07 16:15:09

CVE-2021-41773

2021-10-05 09:15:07

alpinelinux

CVE-2021-41773

2021-10-05 09:15:07

CVE-2021-42013

2021-10-07 16:15:09

httpd

Apache Httpd < 2.4.51 : Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

2021-10-06 00:00:00

ubuntucve

CVE-2021-42013

2021-10-07 00:00:00

CVE-2021-41773

2021-10-05 00:00:00

ibm

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-42013)

2022-01-17 18:38:24

cisa_kev

Apache HTTP Server Path Traversal Vulnerability

2021-11-03 00:00:00

Apache HTTP Server Path Traversal Vulnerability

2021-11-03 00:00:00

osv

CVE-2021-42013

2021-10-07 16:15:09

CVE-2021-41773

2021-10-05 09:15:00

BIT-apache-2021-42013

2024-03-06 10:54:27

nuclei

Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution

2021-10-07 18:17:29

Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution

2021-10-07 18:17:29

cvelist

CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

2021-10-05 08:40:12

CVE-2021-42013 Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

2021-10-07 15:50:14

cve

CVE-2021-41773

2021-10-05 09:15:07

CVE-2021-42013

2021-10-07 16:15:09

nessus

Apache 2.4.49 < 2.4.51 Path Traversal Vulnerability

2021-10-08 00:00:00

FreeBSD : Apache httpd -- Path Traversal and Remote Code Execution (d001c189-2793-11ec-8fb1-206a8a720317)

2021-10-11 00:00:00

Amazon Linux 2 : httpd (ALAS-2021-1716)

2021-10-16 00:00:00

metasploit

Apache 2.4.49/2.4.50 Traversal RCE

2021-10-08 11:22:47

Apache 2.4.49/2.4.50 Traversal RCE scanner

2021-10-06 17:00:59

cisa

Apache Releases Security Update for Apache HTTP Server

2021-10-06 00:00:00

Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation

2021-10-07 00:00:00

debiancve

CVE-2021-41773

2021-10-05 09:15:07

CVE-2021-42013

2021-10-07 16:15:09

attackerkb

CVE-2021-41773

2021-10-05 00:00:00

Apache HTTPd 2.4.49/2.4.50 路径穿越漏洞

2021-10-11 00:00:00

CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

2021-10-08 00:00:00

checkpoint_advisories

Apache HTTP Server Directory Traversal (CVE-2021-41773; CVE-2021-42013)

2021-10-06 00:00:00

K04082144 : Apache HTTP Server vulnerability CVE-2021-41773, CVE-2021-42013

2021-10-21 00:00:00

jvn

JVN#51106450: Apache HTTP Server vulnerable to directory traversal

2021-10-08 00:00:00

mageia

Updated apache packages fix security vulnerability

2021-10-08 22:12:12

redhatcve

CVE-2021-42013

2021-10-07 17:33:09

slackware

[slackware-security] httpd

2021-10-08 03:27:06

archlinux

[ASA-202110-1] apache: directory traversal

2021-10-21 00:00:00

impervablog

How RASP Protects Apache Servers from zero-day Path Traversal Attacks (CVE-2021-41773)

2021-10-26 19:35:24

qualysblog

Apache HTTP Server Path Traversal & Remote Code Execution (CVE-2021-41773 & CVE-2021-42013)

2021-10-28 06:22:22

Qualys Response to CISA Alert: Binding Operational Directive 22-01

2021-11-09 06:15:01

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

malwarebytes

[Updated, again] Apache fixes zero-day vulnerability in HTTP Server

2021-10-06 14:23:08

photon

Critical Photon OS Security Update - PHSA-2021-0118

2021-10-19 00:00:00

Critical Photon OS Security Update - PHSA-2021-4.0-0118

2021-10-20 00:00:00

cisco

Apache HTTP Server Vulnerabilities: October 2021

2021-10-07 16:00:00

trellix

The Bug Report – October Edition

2021-11-02 00:00:00

The Bug Report – October Edition

2021-11-02 00:00:00

amazon

Important: httpd

2021-10-15 07:57:00

Important: httpd24

2021-10-15 07:52:00

gentoo

Apache HTTPD: Multiple Vulnerabilities

2022-08-14 00:00:00

ics

Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

2022-10-06 12:00:00

2022 Top Routinely Exploited Vulnerabilities

2023-08-03 12:00:00

mssecure

Microsoft research uncovers new Zerobot capabilities

2022-12-21 20:00:00

mmpc

Microsoft research uncovers new Zerobot capabilities

2022-12-21 20:00:00

oracle

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.974 High

EPSS

Percentile

99.9%

JSON

Related for APACHE_2_4_50_PATH_TRAVERSAL.NBIN