9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Apache HTTP Server is vulnerable to path traversal attacks. An attacker could use a path traversal attack to map URLs to the files outside of the document root are not protected by the “require all denied” directive in the Apache configuration file
jvn.jp/en/jp/JVN51106450/index.html
packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html
packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html
packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html
www.openwall.com/lists/oss-security/2021/10/07/6
www.openwall.com/lists/oss-security/2021/10/08/1
www.openwall.com/lists/oss-security/2021/10/08/2
www.openwall.com/lists/oss-security/2021/10/08/3
www.openwall.com/lists/oss-security/2021/10/08/4
www.openwall.com/lists/oss-security/2021/10/08/5
www.openwall.com/lists/oss-security/2021/10/08/6
www.openwall.com/lists/oss-security/2021/10/09/1
www.openwall.com/lists/oss-security/2021/10/11/4
www.openwall.com/lists/oss-security/2021/10/15/3
www.openwall.com/lists/oss-security/2021/10/16/1
httpd.apache.org/security/vulnerabilities_24.html
lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3Cusers.httpd.apache.org%3E
lists.fedoraproject.org/archives/list/[email protected]/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/
lists.fedoraproject.org/archives/list/[email protected]/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/
secdb.alpinelinux.org/edge/main.yaml
security.gentoo.org/glsa/202208-20
security.netapp.com/advisory/ntap-20211029-0009/
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
www.povilaika.com/apache-2-4-50-exploit/
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P