
462 matches found

Saint
added 2021/10/21 12:0 a.m., 51 views

Apache HTTP Server path traversal

Added: 10/21/2021. Background: Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem: A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution: Upgrade to Apache HTTP Server 2.4.5...

8.2 AI score
Exploits: 0

GithubExploit
added 2021/10/15 9:38 p.m., 1139 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 🐛 Path traversal and file disclosure vulnera...

7.5 CVSS, 8.5 AI score, 0.94391 EPSS
Exploits: 144

NVD
added 2021/10/14 6:15 a.m., 13 views

CVE-2021-42342

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts...

9.8 CVSS, 0.77601 EPSS
Exploits: 2, References: 1

Prion
added 2021/10/14 6:15 a.m., 13 views

Design/Logic Flaw

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts...

7.5 CVSS, 9.3 AI score, 0.77601 EPSS
Exploits: 2, References: 1, Affected Software: 1

CVE
added 2021/10/14 5:8 a.m., 121 views

CVE-2021-42342

CVE-2021-42342 affects EmbedThis GoAhead Web Server (GoAhead) prior to 5.1.5. The issue is in the file upload filter: user form variables can reach CGI scripts without the CGI_ prefix, allowing untrusted environment variables to be passed and enabling remote code execution. Affected component: fi...

9.8 CVSS, 9.3 AI score, 0.77601 EPSS
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2021/10/14 5:8 a.m., 17 views

CVE-2021-42342

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts...

9.6 AI score, 0.77601 EPSS
Exploits: 2, References: 1

Tenable Nessus
added 2021/10/11 12:0 a.m., 167 views

FreeBSD : Apache httpd -- Path Traversal and Remote Code Execution (d001c189-2793-11ec-8fb1-206a8a720317)

The Apache http server project reports: critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 incomplete fix of CVE-2021-41773 CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a...

9.8 CVSS, 8.8 AI score, 0.9441 EPSS
Exploits: 168, References: 2

Mageia
added 2021/10/08 7:12 p.m., 121 views

Updated apache packages fix security vulnerability

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

9.8 CVSS, 0.6 AI score, 0.9441 EPSS
Exploits: 60, References: 4

Japan Vulnerability Notes
added 2021/10/08 12:0 a.m., 66 views

JVN#51106450: Apache HTTP Server vulnerable to directory traversal

Apache HTTP Server provided by The Apache Software Foundation contains a directory traversal vulnerability CWE-22. Impact A remote attacker may access the unprotected files in "require all denied" placed outside of the document root. Moreover, if CGI scripts are enabled, arbitrary code may be...

9.8 CVSS, 9.2 AI score, 0.9441 EPSS
Exploits: 168

Prion
added 2021/10/07 4:15 p.m., 78 views

Path traversal

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

7.5 CVSS, 8.1 AI score, 0.9441 EPSS
Exploits: 168, References: 30, Affected Software: 5

Debian CVE
added 2021/10/07 3:50 p.m., 79 views

CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

9.8 CVSS, 9.1 AI score, 0.9441 EPSS
Exploits: 60

FreeBSD
added 2021/10/07 12:0 a.m., 124 views

Apache httpd -- Path Traversal and Remote Code Execution

The Apache http server project reports: critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 incomplete fix of CVE-2021-41773 CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a...

9.8 CVSS, 1.8 AI score, 0.9441 EPSS
Exploits: 168

GithubExploit
added 2021/10/06 1:39 p.m., 258 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 Path traversal and file disclosure vulnerabilit...

7.5 CVSS, 8.9 AI score, 0.94391 EPSS
Exploits: 144

Tenable Nessus
added 2021/10/06 12:0 a.m., 79 views

Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.49. It is, therefore, affected by multiple vulnerabilities: - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the serve...

7.5 CVSS, 8.1 AI score, 0.94391 EPSS
Exploits: 144, References: 4

Apache Httpd
added 2021/10/06 12:0 a.m., 205 views

Apache Httpd < 2.4.51 : Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

9.8 CVSS, 2.2 AI score, 0.9441 EPSS
Exploits: 168

RedhatCVE
added 2021/10/05 1:27 p.m., 147 views

CVE-2021-41773

A path traversal flaw was found in Apache 2.4.49. A remote attacker could use this flaw to map URLs to files outside the expected document root. Additionally, this flaw could leak the source of interpreted files like CGI scripts...

7.5 CVSS, 2 AI score, 0.94391 EPSS
Exploits: 144, References: 5

Apache Httpd
added 2021/09/29 12:0 a.m., 253 views

Apache Httpd < 2.4.50 : Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

9.8 CVSS, 1 AI score, 0.94391 EPSS
Exploits: 144

OpenVAS
added 2021/09/05 12:0 a.m., 5 views

Fedora: Security Advisory for php (FEDORA-2021-45ba66bd29)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2

Fedora
added 2021/09/02 11:47 p.m., 21 views

[SECURITY] Fedora 34 Update: php-7.4.23-1.fc34

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

2.2 AI score
Exploits: 0

OpenVAS
added 2021/07/11 12:0 a.m., 19 views

Fedora: Security Advisory for php (FEDORA-2021-d867b595d1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9 CVSS, 6 AI score, 0.00294 EPSS
Exploits: 2, References: 2