CVE-2021-42013

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 7, 2021
Updated: Jul 26, 2024
CWE ID 22

Summary

CVE-2021-42013: A new vulnerability was discovered in Apache HTTP Server 2.4.50 because the fix for the previously addressed CVE-2021-41773 was insufficient. An attacker can exploit this path traversal issue to map URLs to files outside the directories configured by Alias-like directives. If those files are not protected by the usual default configuration "require all denied", attackers can gain access to them. Moreover, if CGI scripts are enabled for these aliased paths, it could lead to remote code execution. This vulnerability affects only Apache 2.4.49 and 2.4.50.


Affected Products

  • Oracle JD Edwards EnterpriseOne Tools
  • Oracle Instantis Enterprisetrack
  • Fedora Operating System
  • Apache Software Foundation Apache HTTP Server

Affected Vendors

  • Apache Software Foundation
  • Fedora Project
  • BonqDAO
