oss-sec mailing list archives

Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)


From: Yann Ylavic <ylavic.dev () gmail com>
Date: Fri, 8 Oct 2021 20:37:33 +0200

On Fri, Oct 8, 2021 at 8:53 AM Roman Medina-Heigl Hernandez
<roman () rs-labs com> wrote:

> I posted an RCE exploit for this (it works for both CVEs: 41773 & 42013)
> and some other details regarding requirements / exploitability, which
> you may find useful at:
>
> https://twitter.com/roman_soft/status/1446252280597078024

Thanks, that's a fair analysis.

Cheers;
Yann.

