Test Kennung:	1.3.6.1.4.1.25623.1.0.146844
Kategorie:	Web Servers
Titel:	Apache HTTP Server 2.4.49 Directory Traversal / RCE Vulnerability - Active Check
Zusammenfassung:	Apache HTTP Server is prone to a directory traversal; and a possible remote code execution (RCE) vulnerability.
Beschreibung:	Summary: Apache HTTP Server is prone to a directory traversal and a possible remote code execution (RCE) vulnerability. Vulnerability Insight: An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by 'require all denied' these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. Note: If 'mod_cgi' is enabled this flaw can be also be used by an attacker to achieve remote code execution (RCE). Affected Software/OS: Apache HTTP Server version 2.4.49. Solution: Update to version 2.4.50 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-41773 Cisco Security Advisory: 20211007 Apache HTTP Server Vulnerabilties: October 2021 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ https://security.netapp.com/advisory/ntap-20211029-0009/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/ https://security.gentoo.org/glsa/202208-20 http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html https://httpd.apache.org/security/vulnerabilities_24.html https://www.oracle.com/security-alerts/cpujan2022.html https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45@%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f@%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3Cusers.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/10/05/2 http://www.openwall.com/lists/oss-security/2021/10/07/6 http://www.openwall.com/lists/oss-security/2021/10/07/1 http://www.openwall.com/lists/oss-security/2021/10/08/1 http://www.openwall.com/lists/oss-security/2021/10/08/2 http://www.openwall.com/lists/oss-security/2021/10/08/3 http://www.openwall.com/lists/oss-security/2021/10/08/4 http://www.openwall.com/lists/oss-security/2021/10/08/5 http://www.openwall.com/lists/oss-security/2021/10/08/6 http://www.openwall.com/lists/oss-security/2021/10/09/1 http://www.openwall.com/lists/oss-security/2021/10/11/4 http://www.openwall.com/lists/oss-security/2021/10/15/3 http://www.openwall.com/lists/oss-security/2021/10/16/1
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.