Fresh Apache Vulnerability May Lead to Remote Code Execution


Earlier this week, the Apache Software Foundation released a patch to address the 0-day vulnerability CVE-2021-41773 in its HTTP web server. The bug was already being actively exploited when the patch was released. Reportedly, it allows attackers to carry out a path traversal attack by mapping URLs to files outside the expected document root. Such an attack could lead to leakage of CGI scripts and more.

The bug only affects Apache web servers running version 2.4.49, and the affected server must have the "Require all denied" option disabled (unfortunately, this is the default configuration).

As we previously reported, a number of researchers were able to reproduce the vulnerability and quickly posted several experimental exploits on Twitter and GitHub. But now the publication Bleeping Computer writes that, during the development of exploits, experts discovered one important nuance: the vulnerability can be used not only for reading arbitrary files, but also for executing arbitrary code.

This was first noticed by cybersecurity researcher Hacker Fantastic, who reported that the problem turns into RCE on Linux systems if the server is configured to support CGI via mod_cgi. If an attacker can download a file using the path traversal exploit and set permissions to execute the file, they will be able to execute commands with the same privileges as the Apache process.

Other experts, including CERT analyst Will Dormann and cybersecurity researcher Tim Brown, report that code execution is possible on Windows machines. Experts now believe that CVE-2021-41773 may have been classified incorrectly at first and that the problem is, in fact, more serious than the developers thought.

“I didn’t do anything smart, I just played a publicly available PoC exploit on Windows and found calc.exe running,” Dormann told reporters. “Of course, Apache must be the vulnerable version 2.4.49, mod-cgi must be enabled, and Require all denied must also be disabled. But if all conditions are met, then CVE-2021-41773 will work as an RCE.”
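The three conditions named above (version 2.4.49, no "Require all denied" on the filesystem root, a CGI module loaded) can be checked against a server's configuration. The script below is an added example, not code from the article or from the Apache project; the function names are hypothetical, the sample configurations are constructed, and it assumes a single configuration file without Include directives. It also treats mod_cgid the same as mod_cgi, which goes beyond what the article names.

```python
import re

VULNERABLE_VERSION = "2.4.49"  # the only release the article names as affected

# Constructed sample configurations (not taken from any real server).
EXPOSED_CONF = """
LoadModule cgi_module modules/mod_cgi.so
<Directory "/var/www/html">
    Require all granted
</Directory>
"""
HARDENED_CONF = """
# LoadModule cgi_module modules/mod_cgi.so
<Directory />
    AllowOverride none
    Require all denied
</Directory>
"""

def strip_comments(conf):
    """Drop whole-line comments so disabled directives are not counted."""
    return "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))

def root_denied(conf):
    """True if a <Directory /> section contains 'Require all denied'."""
    sections = re.findall(r'<Directory\s+"?/"?\s*>(.*?)</Directory>', conf, re.I | re.S)
    return any(re.search(r"^\s*Require\s+all\s+denied\s*$", s, re.I | re.M) for s in sections)

def cgi_loaded(conf):
    """True if mod_cgi is loaded (mod_cgid is included as an assumption)."""
    return bool(re.search(r"^\s*LoadModule\s+cgid?_module\b", conf, re.I | re.M))

def assess(version, conf):
    """Map the article's three conditions to an exposure level."""
    conf = strip_comments(conf)
    if version != VULNERABLE_VERSION:
        return "not affected by this CVE"
    if root_denied(conf):
        return "vulnerable version, traversal blocked by Require all denied"
    if cgi_loaded(conf):
        return "exposed: file disclosure and code execution"
    return "exposed: file disclosure"

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, "->", assess("2.4.49", conf))
```

A result other than "exposed" on 2.4.49 still means the server runs the affected release, so upgrading remains the fix; the configuration check only ranks how urgent each host is.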
