Lucene search
CiscoCISCO-SA-APACHE-HTTPD-PATHTRV-LAZG68CZHistoryOct 07, 2021 - 4:00 p.m.
Apache HTTP Server Vulnerabilities: October 2021
2021-10-0716:00:00
tools.cisco.com
123
0.975 High
EPSS
Percentile
100.0%
On October 5, 2021 and October 7, 2021, the Apache Software Foundation released two security announcements for the Apache HTTP Server that disclosed the following vulnerabilities:
CVE-2021-41524: Null Pointer Dereference Vulnerability CVE-2021-41773: Path Traversal and Remote Code Execution Vulnerability CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
For descriptions of these vulnerabilities, see the Apache Security Announcement [“https://httpd.apache.org/security/vulnerabilities_24.html”]. For additional information, see the Cisco TALOS blog post, Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers [“https://blog.talosintelligence.com/2021/10/apache-vuln-threat-advisory.html”].
Cisco investigated its product line and concluded that no Cisco products are affected by these vulnerabilities.
Related
photon
photon
Critical Photon OS Security Update - PHSA-2021-0118
2021-10-19 00:00:00
Critical Photon OS Security Update - PHSA-2021-4.0-0118
2021-10-20 00:00:00
malwarebytes
malwarebytes
[Updated, again] Apache fixes zero-day vulnerability in HTTP Server
2021-10-06 14:23:08
nessus
nessus
Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities
2021-10-06 00:00:00
FreeBSD : Apache httpd -- Multiple vulnerabilities (25b78bdd-25b8-11ec-a341-d4c9ef517024)
2021-10-06 00:00:00
Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities
2021-10-05 00:00:00
openvas
openvas
Apache HTTP Server 2.4.49 Multiple Vulnerabilities - Linux
2021-10-05 00:00:00
Slackware: Security Advisory (SSA:2021-278-01)
2022-04-21 00:00:00
Apache HTTP Server 2.4.49 Multiple Vulnerabilities - Windows
2021-10-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.50-alt1
2021-10-07 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.50-alt1
2021-10-07 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.51-alt1
2021-10-13 00:00:00
kaspersky
kaspersky
KLA12371 Multiple vulnerabilities in Apache HTTP Server
2021-10-04 00:00:00
KLA12372 RCE vulnerability in Apache HTTP Server
2021-10-07 00:00:00
slackware
slackware
[slackware-security] httpd
2021-10-06 01:14:05
[slackware-security] httpd
2021-10-08 03:27:06
mageia
mageia
Updated apache packages fix security vulnerabilities
2021-10-06 17:38:41
Updated apache packages fix security vulnerability
2021-10-08 22:12:12
hivepro
hivepro
Multiple vulnerabilities have been discovered in the Apache HTTP Server
2021-10-06 08:57:02
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2021-10-05 00:00:00
Apache httpd -- Path Traversal and Remote Code Execution
2021-10-07 00:00:00
thn
thn
prion
prion
Path traversal
2021-10-05 09:15:00
Path traversal
2021-10-07 16:15:00
Null pointer dereference
2021-10-05 09:15:00
rapid7blog
rapid7blog
Apache HTTP Server CVE-2021-41773 Exploited in the Wild
2021-10-06 16:42:32
fedora
fedora
[SECURITY] Fedora 34 Update: httpd-2.4.51-1.fc34
2021-10-12 23:46:03
[SECURITY] Fedora 35 Update: httpd-2.4.51-2.fc35
2021-10-15 00:50:08
packetstorm
packetstorm
Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution
2021-10-25 00:00:00
Apache HTTP Server 2.4.50 Remote Code Execution
2021-11-11 00:00:00
Apache HTTP Server 2.4.50 Remote Code Execution
2021-10-24 00:00:00
alpinelinux
alpinelinux
cisa
cisa
Apache Releases Security Update for Apache HTTP Server
2021-10-06 00:00:00
cve
cve
githubexploit
githubexploit
Exploit for Path Traversal in Apache Http Server
2021-10-09 11:33:56
Exploit for Path Traversal in Apache Http Server
2021-11-09 05:13:17
Exploit for Path Traversal in Apache Http Server
2021-11-09 05:13:17
osv
osv
BIT-apache-2021-42013
2024-03-06 10:54:27
CVE-2021-42013
2021-10-07 16:15:09
CVE-2021-41773
2021-10-05 09:15:00
debiancve
debiancve
metasploit
metasploit
Apache 2.4.49/2.4.50 Traversal RCE scanner
2021-10-06 17:00:59
Apache 2.4.49/2.4.50 Traversal RCE
2021-10-08 11:22:47
hackerone
hackerone
cvelist
cvelist
CVE-2021-42013 Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
2021-10-07 15:50:14
CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
2021-10-05 08:40:12
CVE-2021-41524 null pointer dereference in h2 fuzzing
2021-10-05 08:40:11
ibm
ibm
zdt
zdt
Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution Exploit
2021-10-26 00:00:00
Apache HTTP Server 2.4.50 - Remote Code Execution Exploit (3)
2021-11-11 00:00:00
cisa_kev
cisa_kev
Apache HTTP Server Path Traversal Vulnerability
2021-11-03 00:00:00
Apache HTTP Server Path Traversal Vulnerability
2021-11-03 00:00:00
httpd
httpd
ubuntucve
ubuntucve
nuclei
nuclei
Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
2021-10-07 18:17:29
Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
2021-10-07 18:17:29
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server Directory Traversal (CVE-2021-41773; CVE-2021-42013)
2021-10-06 00:00:00
f5
f5
K04082144 : Apache HTTP Server vulnerability CVE-2021-41773, CVE-2021-42013
2021-10-21 00:00:00
K56331254 : Apache HTTP server vulnerability CVE-2021-41524
2021-11-05 00:00:00
attackerkb
attackerkb
Apache HTTPd 2.4.49/2.4.50 路径穿越漏洞
2021-10-11 00:00:00
CVE-2021-41773
2021-10-05 00:00:00
jvn
jvn
JVN#51106450: Apache HTTP Server vulnerable to directory traversal
2021-10-08 00:00:00
redhatcve
redhatcve
CVE-2021-42013
2021-10-07 17:33:09
CVE-2021-41524
2021-10-05 17:08:31
impervablog
impervablog
qualysblog
qualysblog
archlinux
archlinux
[ASA-202110-1] apache: directory traversal
2021-10-21 00:00:00
exploitdb
exploitdb
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)
2021-11-11 00:00:00
amazon
amazon
Important: httpd24
2021-10-15 07:52:00
Important: httpd
2021-10-15 07:57:00
cbl_mariner
cbl_mariner
CVE-2021-41524 affecting package httpd 2.4.49-1
2021-10-15 04:46:31
veracode
veracode
Denial Of Service (DoS)
2021-10-06 09:50:40
Path Traversal
2021-10-08 21:08:53
Path Traversal
2021-10-06 07:50:10
cnvd
cnvd
Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-09237)
2021-10-10 00:00:00
Apache HTTP Server path traversal vulnerability
2021-10-08 00:00:00
dsquare
dsquare
Apache 2.4.50 RCE
2021-10-08 00:00:00
Apache 2.4.50 Path Traversal
2021-10-08 00:00:00
trellix
trellix
The Bug Report – October Edition
2021-11-02 00:00:00
The Bug Report – October Edition
2021-11-02 00:00:00
threatpost
threatpost
3.1M Neiman Marcus Customer Card Details Breached
2021-10-01 17:50:42
Apache Web Server Zero-Day Actively Exploited, Exposes Sensitive Data
2021-10-05 20:01:27
Transnational Fraud Ring Bilks U.S. Military Service Members Out of Millions
2021-10-04 15:22:32
wallarmlab
wallarmlab