11634 matches found
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
DEBIAN-CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
Path traversal
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
CVE-2021-41773
CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 affecting how path normalization maps URLs to files under Alias-like directives. The issue could allow access to files outside configured directories; if CGI scripts are enabled for those paths, remote code execution is...
CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
CVE-2021-41524 null pointer dereference in h2 fuzzing
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is 2.4.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.50 advisory. - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external...
Apache HTTP Server 2.4.49 Multiple Vulnerabilities - Linux
Apache HTTP Server is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Apache HTTP Server 2.4.49 Multiple Vulnerabilities - Windows
Apache HTTP Server is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773)
Binary data apache2449pathtraversal.nbin...
Apache httpd -- Multiple vulnerabilities
The Apache http server project reports: moderate: null pointer dereference in h2 fuzzing CVE-2021-41524 important: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 CVE-2021-41773...
Directory Traversal
Overview http-server-node is a simple, zero-configuration command-line http server Affected versions of this package are vulnerable to Directory Traversal via use of --path-as-is. PoC curl -s --path-as-is http://127.0.0.1:3000/../sensitive-file.txt Details A Directory Traversal attack also known ...
KLA12371 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. NULL pointer dereference vulnerability in h2 fuzzing can b...
PT-2021-4294
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.49 through 2.4.50 Description A flaw in path normalization allows a path traversal attack to map URLs to files outside directories configured by Alias-like directives. If these files are not protected by the...
Fedora: Security Advisory for httpd (FEDORA-2021-e3f6dd670d)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Debian DLA-2776-1 : apache2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2776 advisory. Several vulnerabilities were discovered in the Apache HTTP server. An attacker could send proxied requests to arbitrary servers, corrupt memory in some setups...