VDB
CNVD-2022-03222
CNVD-2022-03222
PUBLISHED
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.49版本存在路径遍历漏洞,该漏洞源于ap_normalize_path函数引入后未做严格的校验,攻击者可利用该漏洞获取到敏感信息或控制目标服务器。
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache HTTP Server 2.4.49 |
Exploit Intelligence
- 「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49 (github-poc-repo)
- 「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49 (github-poc)
- Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction (github-poc-repo)
- Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction (github-poc)
- im2sinister/CVE-2021-41773 (github-poc-repo)
- im2sinister/CVE-2021-41773 (github-poc)
- Kouf320/docker-lab-cve-2017-5638-cve-2021-41773 (github-poc-repo)
- Kouf320/docker-lab-cve-2017-5638-cve-2021-41773 (github-poc)
- 「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49 (github-poc-repo)
- 「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49 (github-poc)
…and 232 more exploits
Timeline
- Oct 6, 2021 PoC Published
- Oct 8, 2021 CVE ID Reserved
- Jan 12, 2022 CVE Published