CVE-2021-42013

Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

CVSS 9.8 CRITICAL · EPSS 100.0% · KEV · CWE-22
Summary

Apache HTTP Server versions 2.4.49 and 2.4.50 contain an incomplete security fix that lets attackers access files outside the permitted directories using specially crafted URLs. If those files are executable scripts, attackers can run arbitrary code on the server.

Technical detail

A path traversal vulnerability exists in the handling of alias directives in Apache 2.4.49/2.4.50, where an incomplete patch for CVE-2021-41773 fails to correctly restrict the mapping of URLs to files. An unauthenticated remote attacker can craft requests that bypass directory restrictions and reach protected resources, potentially achieving remote code execution if CGI is enabled on aliased paths and the default protections are not in place.

Summary generated and translated by AI from the official description.
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
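The official description ties exploitability to two configuration conditions: files outside the Alias targets not being covered by the default "require all denied", and CGI being enabled on aliased paths. The following httpd configuration fragment is an added example (not from the advisory or the Apache project) showing the weak shape beside the hardened one; the paths /srv/www/static and /srv/www/cgi-bin are hypothetical.

```apacheconf
# Added example, not part of the advisory. Paths are hypothetical.

# --- Weak: the filesystem root is reachable by default ---
# With "/" granted, a traversal that escapes an Alias target can be
# served from any location the httpd user is able to read.
#<Directory />
#    AllowOverride None
#    Require all granted
#</Directory>

# --- Hardened: default-deny the whole filesystem, grant per path ---
# This is the "usual default configuration" the advisory refers to;
# a traversal that lands outside a granted directory is refused.
<Directory />
    AllowOverride None
    Require all denied
</Directory>

# Alias target: grant access only to the directory the alias maps to.
Alias /static/ /srv/www/static/
<Directory /srv/www/static>
    Options None
    AllowOverride None
    Require all granted
</Directory>

# CGI only where it is explicitly intended. ScriptAlias marks this
# directory as CGI; nothing outside it is treated as executable, so a
# traversal reaching other files cannot turn into code execution here.
ScriptAlias /cgi-bin/ /srv/www/cgi-bin/
<Directory /srv/www/cgi-bin>
    Options None
    AllowOverride None
    Require all granted
</Directory>
```

These settings reduce the impact described on the page; they do not replace moving off the affected 2.4.49/2.4.50 versions.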
Public PoCs found: 39
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
