Lucene search

Veracode Vulnerability DatabaseVERACODE:32397

HistoryOct 06, 2021 - 7:50 a.m.

Path Traversal

2021-10-0607:50:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

apache2

path traversal

vulnerability

path normalization

software

EPSS

0.975

Percentile

100.0%

JSON

apache2 has path traversal. The vulnerability exists due to a flaw found in a change made to path normalization.

References

packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html

packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html

packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html

packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html

www.openwall.com/lists/oss-security/2021/10/05/2

www.openwall.com/lists/oss-security/2021/10/07/1

www.openwall.com/lists/oss-security/2021/10/07/6

www.openwall.com/lists/oss-security/2021/10/08/1

www.openwall.com/lists/oss-security/2021/10/08/2

www.openwall.com/lists/oss-security/2021/10/08/3

www.openwall.com/lists/oss-security/2021/10/08/4

www.openwall.com/lists/oss-security/2021/10/08/5

www.openwall.com/lists/oss-security/2021/10/08/6

www.openwall.com/lists/oss-security/2021/10/09/1

www.openwall.com/lists/oss-security/2021/10/11/4

www.openwall.com/lists/oss-security/2021/10/15/3

www.openwall.com/lists/oss-security/2021/10/16/1

httpd.apache.org/security/vulnerabilities_24.html

lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f@%3Cusers.httpd.apache.org%3E

lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3Cannounce.apache.org%3E

lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45@%3Cannounce.apache.org%3E

lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3Cusers.httpd.apache.org%3E

lists.fedoraproject.org/archives/list/[email protected]/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/

lists.fedoraproject.org/archives/list/[email protected]/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.11/main.yaml

secdb.alpinelinux.org/v3.12/main.yaml

secdb.alpinelinux.org/v3.13/main.yaml

secdb.alpinelinux.org/v3.14/main.yaml

security.gentoo.org/glsa/202208-20

security.netapp.com/advisory/ntap-20211029-0009/

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ

www.oracle.com/security-alerts/cpujan2022.html