Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution

Discussion in 'News Aggregator' started by Packet Storm, 26 Oct 2021.

  1. Packet Storm

    Packet Storm Guest

    This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).

    Continue reading...

Share This Page