/

CVE-2021-41773 Report - Details, Severity, Advisories and More

CVE-2021-41773 Report - Details, Severity, Advisories and More

Twingate Team

Feb 1, 2024

CVE-2021-41773 is a high-severity vulnerability affecting Apache HTTP Server 2.4.49. This flaw allows attackers to exploit a path traversal attack, mapping URLs to files outside the expected directories. As a result, unauthorized access to sensitive information and potential remote code execution can occur. The vulnerability impacts various systems running Apache HTTP Server 2.4.49, including certain configurations of Fedora, Oracle Instantis EnterpriseTrack, and NetApp Cloud Backup.

How do I know if I'm affected?

To determine if you're affected by the vulnerability, you need to check if your Apache HTTP Server is version 2.4.49. This vulnerability is a path traversal and file disclosure issue that allows attackers to map URLs to files outside the expected directories. It impacts systems running Apache HTTP Server 2.4.49, including certain configurations of Fedora, Oracle Instantis EnterpriseTrack, and NetApp Cloud Backup. If your server is running version 2.4.49 and you haven't applied the update that fixes this issue, you may be affected.

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your Apache HTTP Server to the latest version. To do this, follow these simple steps: first, run the command emerge --sync, then run emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" for Apache HTTPD, or emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" for Apache HTTPD tools. This will help protect your system from potential remote code execution and unauthorized access.

Where can I go to learn more?

For more information on the CVE-2021-41773 vulnerability, you can refer to the following resources:

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, the CVE-2021-41773 vulnerability is included in CISA's Known Exploited Vulnerabilities Catalog. This high-severity vulnerability, known as Apache HTTP Server Path Traversal Vulnerability, was added to the catalog on November 3, 2021. The due date for action was November 17, 2021, and the required action was to apply updates per vendor instructions to mitigate the risk of unauthorized access and potential remote code execution.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-22, is related to improper limitation of a pathname to a restricted directory, known as path traversal. Attackers can exploit this flaw to access files outside expected directories, potentially leading to unauthorized access and remote code execution.

For more details

CVE-2021-41773 is a high-severity vulnerability affecting Apache HTTP Server 2.4.49, with potential consequences including unauthorized access and remote code execution. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2021-41773 Report - Details, Severity, Advisories and More

CVE-2021-41773 Report - Details, Severity, Advisories and More

Twingate Team

Feb 1, 2024

CVE-2021-41773 is a high-severity vulnerability affecting Apache HTTP Server 2.4.49. This flaw allows attackers to exploit a path traversal attack, mapping URLs to files outside the expected directories. As a result, unauthorized access to sensitive information and potential remote code execution can occur. The vulnerability impacts various systems running Apache HTTP Server 2.4.49, including certain configurations of Fedora, Oracle Instantis EnterpriseTrack, and NetApp Cloud Backup.

How do I know if I'm affected?

To determine if you're affected by the vulnerability, you need to check if your Apache HTTP Server is version 2.4.49. This vulnerability is a path traversal and file disclosure issue that allows attackers to map URLs to files outside the expected directories. It impacts systems running Apache HTTP Server 2.4.49, including certain configurations of Fedora, Oracle Instantis EnterpriseTrack, and NetApp Cloud Backup. If your server is running version 2.4.49 and you haven't applied the update that fixes this issue, you may be affected.

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your Apache HTTP Server to the latest version. To do this, follow these simple steps: first, run the command emerge --sync, then run emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" for Apache HTTPD, or emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" for Apache HTTPD tools. This will help protect your system from potential remote code execution and unauthorized access.

Where can I go to learn more?

For more information on the CVE-2021-41773 vulnerability, you can refer to the following resources:

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, the CVE-2021-41773 vulnerability is included in CISA's Known Exploited Vulnerabilities Catalog. This high-severity vulnerability, known as Apache HTTP Server Path Traversal Vulnerability, was added to the catalog on November 3, 2021. The due date for action was November 17, 2021, and the required action was to apply updates per vendor instructions to mitigate the risk of unauthorized access and potential remote code execution.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-22, is related to improper limitation of a pathname to a restricted directory, known as path traversal. Attackers can exploit this flaw to access files outside expected directories, potentially leading to unauthorized access and remote code execution.

For more details

CVE-2021-41773 is a high-severity vulnerability affecting Apache HTTP Server 2.4.49, with potential consequences including unauthorized access and remote code execution. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2021-41773 Report - Details, Severity, Advisories and More

Twingate Team

Feb 1, 2024

CVE-2021-41773 is a high-severity vulnerability affecting Apache HTTP Server 2.4.49. This flaw allows attackers to exploit a path traversal attack, mapping URLs to files outside the expected directories. As a result, unauthorized access to sensitive information and potential remote code execution can occur. The vulnerability impacts various systems running Apache HTTP Server 2.4.49, including certain configurations of Fedora, Oracle Instantis EnterpriseTrack, and NetApp Cloud Backup.

How do I know if I'm affected?

To determine if you're affected by the vulnerability, you need to check if your Apache HTTP Server is version 2.4.49. This vulnerability is a path traversal and file disclosure issue that allows attackers to map URLs to files outside the expected directories. It impacts systems running Apache HTTP Server 2.4.49, including certain configurations of Fedora, Oracle Instantis EnterpriseTrack, and NetApp Cloud Backup. If your server is running version 2.4.49 and you haven't applied the update that fixes this issue, you may be affected.

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your Apache HTTP Server to the latest version. To do this, follow these simple steps: first, run the command emerge --sync, then run emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" for Apache HTTPD, or emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" for Apache HTTPD tools. This will help protect your system from potential remote code execution and unauthorized access.

Where can I go to learn more?

For more information on the CVE-2021-41773 vulnerability, you can refer to the following resources:

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, the CVE-2021-41773 vulnerability is included in CISA's Known Exploited Vulnerabilities Catalog. This high-severity vulnerability, known as Apache HTTP Server Path Traversal Vulnerability, was added to the catalog on November 3, 2021. The due date for action was November 17, 2021, and the required action was to apply updates per vendor instructions to mitigate the risk of unauthorized access and potential remote code execution.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-22, is related to improper limitation of a pathname to a restricted directory, known as path traversal. Attackers can exploit this flaw to access files outside expected directories, potentially leading to unauthorized access and remote code execution.

For more details

CVE-2021-41773 is a high-severity vulnerability affecting Apache HTTP Server 2.4.49, with potential consequences including unauthorized access and remote code execution. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page.