New Vulnerability Bulletin (CVE-2021-41773)

admin, October 7, 2021, 14:00:50

Description

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.

Apache Web Server Zero-Day Actively Exploited, Exposes Sensitive Data | Threatpost

Apache Web Server Zero-Day Exposes Sensitive Data


The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.

Apache Software has quickly issued a fix for a zero-day security bug in the Apache HTTP Server, which was first reported to the project last week. The vulnerability is under active exploitation in the wild, it said, and could allow attackers to access sensitive information.

According to a security advisory issued on Monday, the issue (CVE-2021-41773) could allow path traversal and subsequent file disclosure. Path traversal issues allow unauthorized people to access files on a web server, by tricking either the web server or the web application running on it into returning files that exist outside of the web root folder.

The vulnerability is rated Important, with a CVSS score of 5.1 out of 10.

In this case, the issue affects only version 2.4.49 of Apache’s open-source web server, which offers cross-platform operability with all modern operating systems, including UNIX and Windows.

“A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49,” according to the advisory. “An attacker could use a path-traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by ‘require all denied,’ these requests can succeed.”

The bug could also expose the source of interpreted files like CGI scripts, the advisory added, which may contain sensitive information that attackers can exploit for further attacks.

Researchers such as the offensive team at Positive Technologies quickly created proof-of-concept exploits verifying the attack path, so expect more attack avenues to be available publicly soon:


POC

GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
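A detection-side check for the request shape above, added here as an example and not part of the original post: it scans Apache access-log entries for request paths whose percent-encoded dot segments climb above the server root, and records whether the server answered 200. The combined log format, the constructed sample entries, and the names `decode_fully`, `escapes_root` and `scan_log` are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Request target and status fields of an Apache common/combined log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample entries (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Oct/2021:09:14:02 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024',
    '198.51.100.4 - - [06/Oct/2021:09:15:40 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403 199',
    '192.0.2.10 - - [06/Oct/2021:09:16:11 +0000] "GET /docs/%2e%2e/index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [06/Oct/2021:09:16:12 +0000] "GET /search?q=%2e%2e/%2e%2e HTTP/1.1" 200 87',
]

def decode_fully(segment, max_rounds=3):
    """Percent-decode until the value stops changing (bounded number of rounds)."""
    for _ in range(max_rounds):
        decoded = unquote(segment)
        if decoded == segment:
            break
        segment = decoded
    return segment

def escapes_root(target):
    """True if percent-encoded dot segments walk the path above the server root."""
    depth, encoded = 0, False
    for raw in target.split("?", 1)[0].split("/"):  # ignore the query string
        seg = decode_fully(raw)
        if seg == "..":
            encoded = encoded or raw != ".."  # the segment only became ".." after decoding
            depth -= 1
            if depth < 0 and encoded:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def scan_log(lines):
    """Return one finding per log entry whose request path escapes the root."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and escapes_root(m.group("target")):
            status = int(m.group("status"))
            findings.append({"client": line.split()[0], "target": m.group("target"),
                             "status": status, "served": status == 200})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

A finding with `served` set means the server returned content for the request, which on 2.4.49 points to a directory outside the document root that is not covered by "require all denied"; findings with a 403 are probes that the access rule blocked.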

Some URL

https://mp.weixin.qq.com/s/XEnjVwb9I0GPG9RG-v7lHQ

https://mp.weixin.qq.com/s/cXUZD2W_FpFWxpGRaexDHA



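Originally published on the WeChat official account 无级安全: New Vulnerability Bulletin (CVE-2021-41773)

Disclaimer: The programs (methods) covered in this article may be offensive in nature and are provided for security research and teaching only. Readers who use this information for other purposes bear all legal and joint liability, and this site bears none. If there is a problem, contact us by e-mail (a corporate or otherwise valid mailbox is recommended so the message is not blocked; contact details are on the home page).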