Test ID:	1.3.6.1.4.1.25623.1.0.117711
Category:	Web Servers
Title:	Apache HTTP Server 2.4.49 - 2.4.50 Directory Traversal / RCE Vulnerability - Windows
Summary:	Apache HTTP Server is prone to a directory traversal; and a possible remote code execution (RCE) vulnerability.
Description:	Summary: Apache HTTP Server is prone to a directory traversal and a possible remote code execution (RCE) vulnerability. Vulnerability Insight: It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration 'require all denied', these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. Affected Software/OS: Apache HTTP Server version 2.4.49 through 2.4.50. Solution: Update to version 2.4.51 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-42013 Cisco Security Advisory: 20211007 Apache HTTP Server Vulnerabilties: October 2021 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ https://security.netapp.com/advisory/ntap-20211029-0009/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/ https://security.gentoo.org/glsa/202208-20 http://jvn.jp/en/jp/JVN51106450/index.html http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html https://www.povilaika.com/apache-2-4-50-exploit/ http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html https://httpd.apache.org/security/vulnerabilities_24.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3Cusers.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2021/10/07/6 http://www.openwall.com/lists/oss-security/2021/10/08/1 http://www.openwall.com/lists/oss-security/2021/10/08/2 http://www.openwall.com/lists/oss-security/2021/10/08/3 http://www.openwall.com/lists/oss-security/2021/10/08/4 http://www.openwall.com/lists/oss-security/2021/10/08/5 http://www.openwall.com/lists/oss-security/2021/10/08/6 http://www.openwall.com/lists/oss-security/2021/10/09/1 http://www.openwall.com/lists/oss-security/2021/10/11/4 http://www.openwall.com/lists/oss-security/2021/10/15/3 http://www.openwall.com/lists/oss-security/2021/10/16/1
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.