CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
Path traversal
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
CVE-2021-41773
CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 affecting how path normalization maps URLs to files under Alias-like directives. The issue could allow access to files outside configured directories; if CGI scripts are enabled for those paths, remote code execution is...
CVE-2021-41524 null pointer dereference in h2 fuzzing
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
Apache HTTP Server 2.4.49 Multiple Vulnerabilities - Windows
Apache HTTP Server is prone to multiple vulnerabilities.
Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is 2.4.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.50 advisory. - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external...
Apache httpd -- Multiple vulnerabilities
The Apache http server project reports: moderate: null pointer dereference in h2 fuzzing (CVE-2021-41524); important: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)...
Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773)
Binary data apache2449pathtraversal.nbin...
KLA12371 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. NULL pointer dereference vulnerability in h2 fuzzing can b...
PT-2021-4294
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.49 through 2.4.50. Description: A flaw in path normalization allows a path traversal attack to map URLs to files outside directories configured by Alias-like directives. If these files are not protected by the...
Debian DLA-2776-1 : apache2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2776 advisory. Several vulnerabilities were discovered in the Apache HTTP server. An attacker could send proxied requests to arbitrary servers, corrupt memory in some setups...
Fedora: Security Advisory for httpd (FEDORA-2021-e3f6dd670d)
The remote host is missing an update for the...
Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities (CVE-2020-13938, CVE-2021-30641)
Summary: IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details: CVEID: CVE-2020-13938 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the improper handling of insufficient privileges. A local attack...
OESA-2021-1369 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)...
Security Bulletin: Vulnerability in IBM HTTP Server used by WebSphere Application Server
Summary: There is a vulnerability in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details: CVEID: CVE-2021-39275 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking by the ap_escape_quotes function...
Ubuntu 16.04 ESM : Apache HTTP Server regression (USN-5090-4)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5090-4 advisory. USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Tenable has...
KLA12363 DoS vulnerability in Apache HTTP Server
A denial of service vulnerability was found in Apache HTTP Server. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: Fixed in Apache HTTP Server 2.4.35. Related products: Apache-HTTP-Server. CVE list: CVE-2018-11763 (high). Solution: Update to the latest version...