Lucene search

[email protected]NVD:CVE-2021-42013

HistoryOct 07, 2021 - 4:15 p.m.

CVE-2021-42013

2021-10-0716:15:09

CWE-22

[email protected]

web.nvd.nist.gov

cve-2021-42013

path traversal

http server

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%

JSON

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

Affected configurations

Nvd

Node

apachehttp_serverMatch2.4.49

apachehttp_serverMatch2.4.50

Node

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

Node

oracleinstantis_enterprisetrackMatch17.1

oracleinstantis_enterprisetrackMatch17.2

oracleinstantis_enterprisetrackMatch17.3

oraclejd_edwards_enterpriseone_toolsRange<9.2.6.0

oraclesecure_backupRange<18.1.0.1.0

Node

netappcloud_backupMatch-

VendorProductVersionCPE
apachehttp_server2.4.49cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*
apachehttp_server2.4.50cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
oracleinstantis_enterprisetrack17.1cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
oracleinstantis_enterprisetrack17.2cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
oracleinstantis_enterprisetrack17.3cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
oraclejd_edwards_enterpriseone_tools*cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
oraclesecure_backup*cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
netappcloud_backup-cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	http_server	2.4.49	cpe:2.3:a:apache:http_server:2.4.49:::::::*
apache	http_server	2.4.50	cpe:2.3:a:apache:http_server:2.4.50:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
oracle	instantis_enterprisetrack	17.1	cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
oracle	instantis_enterprisetrack	17.2	cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
oracle	instantis_enterprisetrack	17.3	cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
oracle	jd_edwards_enterpriseone_tools	*	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
oracle	secure_backup	*	cpe:2.3:a:oracle:secure_backup::::::::
netapp	cloud_backup	-	cpe:2.3:a:netapp:cloud_backup:-:::::::*

References

jvn.jp/en/jp/JVN51106450/index.html

packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html

packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html

packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html

packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html

packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html

packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html

www.openwall.com/lists/oss-security/2021/10/07/6

www.openwall.com/lists/oss-security/2021/10/08/1

www.openwall.com/lists/oss-security/2021/10/08/2

www.openwall.com/lists/oss-security/2021/10/08/3

www.openwall.com/lists/oss-security/2021/10/08/4

www.openwall.com/lists/oss-security/2021/10/08/5

www.openwall.com/lists/oss-security/2021/10/08/6

www.openwall.com/lists/oss-security/2021/10/09/1

www.openwall.com/lists/oss-security/2021/10/11/4

www.openwall.com/lists/oss-security/2021/10/15/3

www.openwall.com/lists/oss-security/2021/10/16/1

httpd.apache.org/security/vulnerabilities_24.html

lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/

security.gentoo.org/glsa/202208-20

security.netapp.com/advisory/ntap-20211029-0009/

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2022.html

www.povilaika.com/apache-2-4-50-exploit/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%

JSON

CVE-2021-42013

Affected configurations

References

Related