[ASA-202110-1] apache: directory traversal
Jonas Witschel
diabonas at archlinux.org
Thu Oct 21 18:56:43 UTC 2021
Arch Linux Security Advisory ASA-202110-1
=========================================
Severity: Critical
Date : 2021-10-21
CVE-ID : CVE-2021-42013
Package : apache
Type : directory traversal
Remote : Yes
Link : https://security.archlinux.org/AVG-2450
Summary
=======
The package apache before version 2.4.51-1 is vulnerable to directory
traversal.
Resolution
==========
Upgrade to 2.4.51-1.
# pacman -Syu "apache>=2.4.51-1"
The problem has been fixed upstream in version 2.4.51.
Workaround
==========
None.
Description
===========
It was found that the fix for CVE-2021-41773 in Apache HTTP Server
2.4.50 was insufficient. An attacker could use a path traversal attack
to map URLs to files outside the directories configured by Alias-like
directives. If files outside of these directories are not protected by
the usual default configuration "require all denied", these requests
can succeed. If CGI scripts are also enabled for these aliased pathes,
this could allow for remote code execution. This issue only affects
Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
Impact
======
A remote attacker could trick the HTTP server into executing arbitrary
executables in its file system through path traversal.
References
==========
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013
https://twitter.com/roman_soft/status/1446252280597078024
https://github.com/icing/blog/blob/main/httpd-2.4.50.md
https://svn.apache.org/viewvc?view=revision&revision=1893971
https://security.archlinux.org/CVE-2021-42013
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20211021/8c80e5ee/attachment.sig>
More information about the arch-security
mailing list