Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
An Apache HTTP Server is often exposed to the internet, and this vulnerability is well known. An unauthenticated attacker can view sensitive information or gain complete control of a device with a simple HTTP request.
Kill Chain
Risk Score
87
Apache HTTP Server has a path traversal and remote code execution (RCE) vulnerability (CVE-2021-41773) in Apache 2.4.49. Apache 2.4.50 contains an incomplete fix, causing Apache HTTP Servers to remain vulnerable to path traversal and RCE (CVE-2021-42013). An attacker sends an HTTP request with encoded path traversal fragments (such as %2E%2E%2Fetc%2Fpasswd) to view a restricted file when the file is configured with an Apache Alias module (mod_alias) directive. The attacker can also send an HTTP POST request with encoded path traversal fragments and a malicious command to perform RCE when the Apache Common Gateway Interface (CGI) module (mod_cgi) is enabled for the aliased file path. The Apache Alias modules enable URL mapping to file system paths, creating shortcuts for accessing files. The Apache CGI module enables scripts and other programs to run on the server and add dynamic content to a web page.
Update Apache HTTP Servers to 2.4.51 or later
Update the Apache configuration file to include the file system directory directive, "Require all denied"
