Tracked as CVE-2021-41773, the vulnerability is the result of an incomplete path normalization logic implemented in the Apache HTTP server 2.4.49 that in turn introduced a vulnerability. Unfortunately, the vulnerability was exploited in the wild before it was reported to the Apache project, making it a zero-day.
PoC
127.0.0.1/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
Although the issue only impacts web servers running Apache “httpd” v2.4.49 and not earlier versions, Shodan search results show there are over 112,000 Apache servers across the globe running that version, with about 40% located in the U.S.:
Apache servers across the globe running the vunerable “httpd” v2.4.49 version
“An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by “require all denied” these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts,” reads Apache’s security advisory.
This post was created with our nice and easy submission form. Create your post!
GIPHY App Key not set. Please check settings