ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0470
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0470)
Resumen:	The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2021-0470 advisory.
Descripción:	Summary: The remote host is missing an update for the 'apache' package(s) announced via the MGASA-2021-0470 advisory. Vulnerability Insight: It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration 'require all denied', these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution (CVE-2021-42013). Affected Software/OS: 'apache' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-42013 Cisco Security Advisory: 20211007 Apache HTTP Server Vulnerabilties: October 2021 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ https://security.netapp.com/advisory/ntap-20211029-0009/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/ https://security.gentoo.org/glsa/202208-20 http://jvn.jp/en/jp/JVN51106450/index.html http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html https://www.povilaika.com/apache-2-4-50-exploit/ http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html https://httpd.apache.org/security/vulnerabilities_24.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3Cusers.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/10/07/6 http://www.openwall.com/lists/oss-security/2021/10/08/1 http://www.openwall.com/lists/oss-security/2021/10/08/2 http://www.openwall.com/lists/oss-security/2021/10/08/3 http://www.openwall.com/lists/oss-security/2021/10/08/4 http://www.openwall.com/lists/oss-security/2021/10/08/5 http://www.openwall.com/lists/oss-security/2021/10/08/6 http://www.openwall.com/lists/oss-security/2021/10/09/1 http://www.openwall.com/lists/oss-security/2021/10/11/4 http://www.openwall.com/lists/oss-security/2021/10/15/3 http://www.openwall.com/lists/oss-security/2021/10/16/1
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.