Description

Due to a flaw in the way how Apache HTTP Server normalizes the path, an attacker can use it to perform path traversal attack and access sensitive information on the server, which may lead to a takeover of the server. In some configurations of the web server, it may lead to remote code execution directly.

Remediation

Upgrade to the latest version of Apache HTTP Server.

References

CVE-2021-41773

CVE-2021-42013

Related Vulnerabilities

WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997)

Apache Log4j2 JNDI Remote Code Execution (404 page handler)

WordPress Plugin AccessAlly PHP Code Execution (3.3.1)

WordPress Plugin Download Manager Directory Traversal (3.2.54)

WordPress Plugin WP Super Cache Remote Code Execution (1.7.1)

Severity

High

Classification

CVE-2021-42013 CVE-2021-41773 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

Code Execution Directory Traversal