CVE-2021-42013
Published on: 10/07/2021 12:00:00 AM UTC
Last Modified on: 06/09/2022 04:15:00 AM UTC
Certain versions of Http Server from Apache contain the following vulnerability:
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
- CVE-2021-42013 has been assigned by
[email protected] to track the vulnerability - currently rated as CRITICAL severity. - Affected Vendor/Software: Apache Software Foundation - Apache HTTP Server version = 2.4.49
- Affected Vendor/Software: Apache Software Foundation - Apache HTTP Server version = 2.4.50
CVSS3 Score: 9.8 - CRITICAL
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 7.5 - HIGH
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | PARTIAL | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| [SECURITY] Fedora 34 Update: httpd-2.4.51-1.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
FEDORA FEDORA-2021-2a10bc68a4 |
| oss-security - Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| Apache 2.4.50 Remote Code Execution ≈ Packet Storm | packetstormsecurity.com text/html |
MISC packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html |
| Apache HTTP Server 2.4.50 Remote Code Execution ≈ Packet Storm | packetstormsecurity.com text/html |
MISC packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html |
| JVN#51106450: Apache HTTP Server vulnerable to directory traversal | jvn.jp text/xml |
JVN JVN#51106450 |
| oss-security - CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211007 CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| oss-security - Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| Apache HTTP Server Vulnerabilties: October 2021 | tools.cisco.com text/html |
CISCO 20211007 Apache HTTP Server Vulnerabilties: October 2021 |
| oss-security - Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| Oracle Critical Patch Update Advisory - April 2022 | www.oracle.com text/html |
MISC www.oracle.com/security-alerts/cpuapr2022.html |
| October 2021 Apache HTTP Server Vulnerabilities in NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20211029-0009/ |
| Pony Mail! | lists.apache.org text/html |
MLIST [announce] 20211007 CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| oss-security - Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211011 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| Apache HTTP Server 2.4.50 CVE-2021-42013 Exploitation ≈ Packet Storm | packetstormsecurity.com text/html |
MISC packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html |
| [SECURITY] Fedora 35 Update: httpd-2.4.51-2.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
FEDORA FEDORA-2021-aaf90ef84a |
| Oracle Critical Patch Update Advisory - January 2022 | www.oracle.com text/html |
MISC www.oracle.com/security-alerts/cpujan2022.html |
| oss-security - Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211009 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project | httpd.apache.org text/html |
MISC httpd.apache.org/security/vulnerabilities_24.html |
| Pony Mail! | lists.apache.org text/html |
MLIST [httpd-cvs] 20211008 [httpd-site] branch main updated: * Align with CVE-2021-42013 based on the latest findings |
| Apache HTTP Server 2.4.50 Remote Code Execution ≈ Packet Storm | packetstormsecurity.com text/html |
MISC packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html |
| oss-security - Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211015 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution ≈ Packet Storm | packetstormsecurity.com text/html |
MISC packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html |
| Using a CVE-2021-42013 Apache 2.4.50 exploit in the wild | www.povilaika.com text/html |
MISC www.povilaika.com/apache-2-4-50-exploit/ |
| oss-security - Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| oss-security - Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| Pony Mail! | lists.apache.org text/html |
MLIST [httpd-users] 20211007 [[email protected]] CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| oss-security - Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211016 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| oss-security - Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | www.openwall.com text/html |
MLIST [oss-security] 20211008 Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
| Apache HTTP Server 2.4.50 Path Traversal / Code Execution ≈ Packet Storm | packetstormsecurity.com text/html |
MISC packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html |
Related QID Numbers
- 150374 Apache HTTP Server Multiple Vulnerabilities (CVE-2021-42013)
- 281975 Fedora Security Update for httpd (FEDORA-2021-2a10bc68a4)
- 352857 Amazon Linux Security Advisory for httpd24: ALAS-2021-1543
- 352858 Amazon Linux Security Advisory for httpd: ALAS2-2021-1716
- 500024 Alpine Linux Security Update for apache2
- 690209 Free Berkeley Software Distribution (FreeBSD) Security Update for apache httpd (d001c189-2793-11ec-8fb1-206a8a720317)
- 87466 Apache Hypertext Transfer Protocol (HTTP) Server Path Traversal Vulnerability
Exploit/POC from Github
cve-2021-41773 即 cve-2021-42013 批量检测脚本
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Http Server | 2.4.49 | All | All | All |
| Application | Apache | Http Server | 2.4.50 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Application | Oracle | Instantis Enterprisetrack | 17.1 | All | All | All |
| Application | Oracle | Instantis Enterprisetrack | 17.2 | All | All | All |
| Application | Oracle | Instantis Enterprisetrack | 17.3 | All | All | All |
| Application | Oracle | Secure Backup | All | All | All | All |
- cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*:
Discovery Credit
Reported by Juan Escobar from Dreamlab Technologies, Fernando Muñoz from NULL Life CTF Team, and Shungo Kumasaka
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @iamamoose |
Apache 2.4.49 and 2.4.50 critical file disclosure/RCE for certain configurations: CVE-2021-42013 lists.apache.org/thread.html/rb… | 2021-10-07 15:26:21 |
| @iamamoose |
cve.org/CVERecord?id=C… is now published along with Apache HTTP Server 2.4.51 | 2021-10-07 15:52:51 |
| @CVEreport |
CVE-2021-42013 : It was found that the fix for CVE-2021-41773 in #Apache HTTP Server 2.4.50 was insufficient. An at… twitter.com/i/web/status/1… | 2021-10-07 15:53:37 |
| @eingemaischt |
@hanno @certbund Es gibt schon CVE-2021-42013 - weil der Fix für 41773 wohl incomplete war. | 2021-10-07 15:58:12 |
| @oss_security |
CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of… twitter.com/i/web/status/1… | 2021-10-07 16:00:38 |
| @USCERT_gov |
See Apache's new update, which addresses both CVE-2021-41773 and CVE-2021-42013 (the latter is new):… twitter.com/i/web/status/1… | 2021-10-07 17:16:50 |
| @notroj |
Important that those running @apache_httpd 2.4.49 or 2.4.50 updates to 2.4.51 to address CVE-2021-42013. Earlier v… twitter.com/i/web/status/1… | 2021-10-07 17:18:16 |
| @ClaireTills |
Another patch out for CVE-2021-41773 (bypass assigned CVE-2021-42013), be sure you've updated to Apache httpd Serve… twitter.com/i/web/status/1… | 2021-10-07 17:30:57 |
| @InakMali |
#Apache Software Foundation addresses CVE-2021-41773 and CVE-2021-42013 in patch in response to zero-day #vulnerability. | 2021-10-07 17:43:21 |
| @mkviitanen |
CVE-2021-42013 - incomplete fix of CVE-2021-41773. https://t.co/rQxttqD1WL | 2021-10-07 18:21:37 |
| @ipssignatures |
I know no IPS that has a protection/signature/rule for the vulnerability CVE-2021-42013. The vuln was published 0 d… twitter.com/i/web/status/1… | 2021-10-07 20:04:01 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 15 times. twitter.com/USCERT_gov/sta… #Skj74x75ogm3fa | 2021-10-07 20:04:01 |
| @USCERT_gov |
? Active scanning of Apache HTTP Server CVE-2021-41773 & CVE-2021-42013 is ongoing and expected to accelerate, like… twitter.com/i/web/status/1… | 2021-10-07 20:19:18 |
| @omokazuki |
修正が不十分の為2.4.51がリリース Apache HTTP Serverの脆弱性情報(Critical: CVE-2021-42013, Important: CVE-2021-41773, Moderate: CVE-20… twitter.com/i/web/status/1… | 2021-10-07 21:06:09 |
| @pdnuclei |
CVE-2021-42013 - Apache 2.4.49/2.4.50 - Path Traversal by nvn1729 "It was found that the fix for CVE-2021-41773 in… twitter.com/i/web/status/1… | 2021-10-07 22:29:43 |
| @bef0rd |
@roman_soft @itsecurityco @ortegaalfredo Check github.com/projectdiscove… | 2021-10-07 22:31:06 |
| @snyff |
Want a good training exercise? Exploit #CVE-2021-42013! 1. Build a container with 2.4.49 FROM httpd:2.4.49 COPY .… twitter.com/i/web/status/1… | 2021-10-07 22:39:46 |
| @kawada_syogo225 |
CVE-2021-41773の追加修正 | 2021-10-07 22:52:40 |
| @vulnhero |
Apache HTTP Server vulnerability (CVE-2021-42013) due to inadequacy fix for (CVE-2021-41773) - allows remote unauth… twitter.com/i/web/status/1… | 2021-10-07 23:02:00 |
| @astr0baby |
CVE-2021-42013 - This is how you can get an interactive shell via Metasploit (cmd/unix/reverse_bash payload exampl… twitter.com/i/web/status/1… | 2021-10-07 23:09:09 |
| @RandomDhiraj |
Meet CVE-2021-42013 on Apache 2.4.50 update to 2.4.51 :) https://t.co/MALQzXzyOD | 2021-10-07 23:10:15 |
| @Horizon3ai |
Same day service! #NodeZero now detects, exploits, and proves the latest #Apache HTTP Server vuln (CVE-2021-42013)… twitter.com/i/web/status/1… | 2021-10-07 23:11:29 |
| @roman_soft |
RCE exploit both for Apache 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013): [email protected]:~# curl 'http://192.168… twitter.com/i/web/status/1… | 2021-10-07 23:13:08 |
| @itsecurityco |
Since there is already exploit in Nuclei for #CVE-2021-42013, we share with you our payloads: 1. %%32%65%%32%65 2.… twitter.com/i/web/status/1… | 2021-10-07 23:20:31 |
| @RkoAurelio |
New vulnerability that allows Remote Code Execution (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 a… twitter.com/i/web/status/1… | 2021-10-08 00:04:11 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 123 times. twitter.com/USCERT_gov/sta… #pow2rtrtwwcve | 2021-10-08 00:06:01 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 10 times. twitter.com/iamamoose/stat… #pow1rtrtwwcve | 2021-10-08 00:06:01 |
| @yamory_sec |
Apache HTTP Server CVE-2021-41773の脆弱性への修正が不完全だったため、2.4.51で再度修正が行われ、CVE-2021-42013として公開されています。 リモートコード実行に繋がる恐れもあります… twitter.com/i/web/status/1… | 2021-10-08 00:42:25 |
| @christinayiotis |
“Vulnerabilities (CVE-2021-41773) & CVE-2021-42013) have been identified in Apache HTTP Server, one of the most com… twitter.com/i/web/status/1… | 2021-10-08 01:38:47 |
| @A_zs_Blog |
【追記】 パストラバーサルおよびリモートコード実行の脆弱性(CVE-2021-42013):パストラバーサルの脆弱性の修正が不十分であることが確認されました。 a-zs.net/apache_http_se… | 2021-10-08 01:39:21 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 37 times. twitter.com/roman_soft/sta… #pow1rtrtwwcve | 2021-10-08 02:06:00 |
| @ohhara_shiojiri |
「更新: 2021年10月8日追記 本脆弱性の修正として提供したバージョン2.4.50に、別のパストラバーサルの脆弱性(CVE-2021-42013)があることが判明したことを発表し、本脆弱性を修正するバージョン2.4.51をリリースしました。」 | 2021-10-08 02:47:32 |
| @ken1no |
Apache HTTPD 2.4.51がリリースされました。パストラバーサル及びリモートからのコード実行の脆弱性(CVE-2021-42013)が修正されています。 「インストールするもの」を更新しました。 http2.try-and-test.net/install.html#a… | 2021-10-08 03:06:21 |
| @k1rou |
「vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50」→Apache Releases HTTP Ser… twitter.com/i/web/status/1… | 2021-10-08 03:30:32 |
| @CCNADailyTIPS |
RCE exploit both for Apache 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013): POC... We got a Reverse Shell! youtu.be/WSVcuV2Wc58 | 2021-10-08 03:32:45 |
| @catnap707 |
わずか3日、「Apache HTTPD」が再修正 - 前回修正は不十分、あらたにRCEのおそれも:Security NEXT security-next.com/130520 “CVE番号「CVE-2021-42013」があらたに… twitter.com/i/web/status/1… | 2021-10-08 03:41:14 |
| @chybeta |
CVE-2021-42013 & CVE-2021-41773 Apache HTTPd Path Traversal and Remote Code Execution https://t.co/kKhaIBSzpp | 2021-10-08 03:50:32 |
| @AusCERT |
Additional fixes to Apache HTTP Server for CVE-2021-41773, which is tracked as CVE-2021-42013 Bulletin:… twitter.com/i/web/status/1… | 2021-10-08 04:08:04 |
| @ymzkei5 |
Apache HTTP Server 2.4.50 の「別のパストラバーサル」の脆弱性( CVE-2021-42013 )、%%32%45 や %%32%65 や %2%45 や %2%65 や %%32e や %%32E といっ… twitter.com/i/web/status/1… | 2021-10-08 04:12:12 |
| @oubon21120991 |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- IIJ wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-08 05:03:09 |
| @nilab |
「本脆弱性の修正として提供したバージョン2.4.50に、別のパストラバーサルの脆弱性(CVE-2021-42013)があることが判明したことを発表し、本脆弱性を修正するバージョン2.4.51をリリース」 Apache HTTP… twitter.com/i/web/status/1… | 2021-10-08 05:03:54 |
| @MasafumiNegishi |
脆弱性の修正が不十分だった今回の問題は、IIJ の SOC メンバーが(も)発見し報告しました。GJ! Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 –… twitter.com/i/web/status/1… | 2021-10-08 05:29:47 |
| @0xhunster |
CVE-2021-42013 & CVE-2021-41773 Apache HTTPd Path Traversal and Remote Code Execution #Apache #vulnerability https://t.co/v7eurGOex0 | 2021-10-08 05:41:01 |
| @RapidSafeguard |
Reproduce CVE-2021-42013 Apache 2.4.50 path traversal vulnerability. Path traversal vulnerability GET /cgi-bin/%%… twitter.com/i/web/status/1… | 2021-10-08 05:48:01 |
| @ohhara_shiojiri |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- IIJ wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-08 05:49:31 |
| @80vul |
See the patch on the patch again:incomplete fix of CVE-2021-41773 --> CVE-2021-42013 httpd.apache.org/security/vulne… So Apache 2.4.50 also fell | 2021-10-08 05:50:50 |
| @nekochanSec555 |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- IIJ… twitter.com/i/web/status/1… | 2021-10-08 05:51:39 |
| @piyokango |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- IIJ wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-08 05:52:06 |
| @IIJ_PR |
#セキュリティ 情報発信サイト「wizSafe Security Signal」に「Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見」を掲載しました。 IIJ… twitter.com/i/web/status/1… | 2021-10-08 06:18:36 |
| @IIJ_ITS |
「Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター」 IIJ SOCのアナリスト熊坂駿吾が報告したCVE-2021-42013の紹介と、本報告に関係するS… twitter.com/i/web/status/1… | 2021-10-08 06:21:11 |
| @tongson |
Patch for CVE-2021-41773 introduces RCE. Patch now for CVE-2021-42013. A patchy server indeed. | 2021-10-08 06:21:58 |
| @IIJ_PR |
「IIJ Engineers Blog」に「Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター」を掲載しました。 ぜひご覧ください。… twitter.com/i/web/status/1… | 2021-10-08 06:22:30 |
| @IIJ_doumae |
Apache HTTP Server 2.4.50の脆弱性"CVE-2021-42013"の発見は、IIJ SOC(セキュリティオペレーションセンター)の業務の一環として行われました。IIJ SOCの脆弱性調査の模様を、別記事にて… twitter.com/i/web/status/1… | 2021-10-08 06:39:46 |
| @RaulRenales |
Vulnerabilidad en Apache (2.4.49) que permitiría a un atacante exfiltrar información. CVE-2021-42013 httpd.apache.org/security/vulne… | 2021-10-08 06:44:08 |
| @RyoTa63292153 |
“更新:Apache HTTP Server の脆弱性対策について(CVE-2021-41773, CVE-2021-42013):IPA 独立行政法人 情報処理推進機構” (1 user) htn.to/4967on9TX2 | 2021-10-08 06:45:01 |
| @0xhunster |
RCE exploit both for Apache 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013): curl 'host.com/cgi-bin/.%%32%…' --d… twitter.com/i/web/status/1… | 2021-10-08 06:46:55 |
| @hinoshiba |
ご報告 CVE-2021-42013の発見者1人として名を残しました。お溢れみたいな発見でしたが、自身の中で目標としていた“2年以内にCVE発見に関わる”をクリアできました。 自身の所属会社での記事を宣伝します。 記事内に、少し… twitter.com/i/web/status/1… | 2021-10-08 06:47:12 |
| @gweeperx |
Exploiting #RCE exploit for #Apache 2.4.49 (#CVE-2021-41773) and 2.4.50 (CVE-2021-42013) in windows machine.… twitter.com/i/web/status/1… | 2021-10-08 06:51:17 |
| @nerccu |
#Apache has released Apache #HTTP Server 2.4.51 to address vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apac… twitter.com/i/web/status/1… | 2021-10-08 06:52:17 |
| @m01e_exp |
@stanner_austin @chybeta The PoC of CVE-2021-42013 has been published in Twitter... You can search it. | 2021-10-08 07:18:48 |
| @kinyuka |
『WAF「Scutum」では、CVE-2021-42013の脆弱性についても、既存の防御機能により本脆弱性公開前から攻撃を防御できていることを確認しております。』 scutum.jp/information/te… | 2021-10-08 07:25:40 |
| @kinyuka |
Apacheのど派手な脆弱性2連発(CVE-2021-41773,CVE-2021-42013)でしたが、幸いScutumではどちらもゼロデイ防御可能なものでした。2つめはけっこう止められなかったWAFもあるんじゃないかな? twitter.com/kinyuka/status… | 2021-10-08 07:27:30 |
| @vx_herm1t |
Patch your apache! CVE-2021-42013 https://t.co/nyxakqmzz0 | 2021-10-08 07:30:09 |
| @ManiarViral |
Host and IP Address count for Apache 2.4.50: 3K & 6K RCE in Apache 2.4.49 & 2.4.50 (Works… twitter.com/i/web/status/1… | 2021-10-08 07:31:42 |
| @timb_machine |
@Ax_Sharma @hackerfantastic @wdormann Looks like it's been confirmed with latest advisory (CVE-2021-42013):… twitter.com/i/web/status/1… | 2021-10-08 07:40:13 |
| @magiauk |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 ift.tt/3AndgUs | 2021-10-08 07:51:53 |
| @ka0com |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 - wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-08 08:00:56 |
| @ka0com |
Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター | IIJ Engineers Blog - eng-blog.iij.ad.jp/archives/10987 | 2021-10-08 08:02:08 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 30 times. twitter.com/chybeta/status… #pow1rtrtwwcve | 2021-10-08 08:06:01 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 23 times. twitter.com/MasafumiNegish… #pow1rtrtwwcve | 2021-10-08 08:06:01 |
| @omokazuki |
PoC(CVE-2021-42013)と動画を追加 Apache HTTP Serverの脆弱性情報(Critical: CVE-2021-42013, Important: CVE-2021-41773, Moderate:… twitter.com/i/web/status/1… | 2021-10-08 08:25:23 |
| @omokazuki |
PoC(CVE-2021-42013)動画をアップしました。 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #httpd #web youtube.com/watch?v=PqlAj6… | 2021-10-08 08:28:00 |
| @nekochanSec555 |
Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター | IIJ Engineers Blog eng-blog.iij.ad.jp/archives/10987 | 2021-10-08 08:42:40 |
| @kabukawa |
_φ(・_・ Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-08 09:47:19 |
| @oss_security |
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fi… twitter.com/i/web/status/1… | 2021-10-08 09:55:02 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 12 times. twitter.com/piyokango/stat… #pow1rtrtwwcve | 2021-10-08 10:06:00 |
| @emilstahl |
@CFCSsitcen Den nye RCE er CVE-2021-42013 (incomplete fix af CVE-2021-41773) seclists.org/oss-sec/2021/q… - værd at nævne. | 2021-10-08 10:12:43 |
| @waiha8 |
“Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見” htn.to/3kHqhoGjUP | 2021-10-08 10:34:37 |
| @cyberkendra |
Apache HTTP Zero-day CVE-2021-41773 fix Bypassed With CVE-2021-42013 cyberkendra.com/2021/10/apache… #Apache #security #bugbounty #zeroday | 2021-10-08 10:40:25 |
| @evrnyalcin |
Apache 2.4.50 (CVE-2021-42013) RCE playground github.com/RedSection/poc… #bugbountytips | 2021-10-08 10:45:52 |
| @takahoyo |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- IIJ… twitter.com/i/web/status/1… | 2021-10-08 11:24:51 |
| @MASA89434701 |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- IIJ wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-08 11:31:19 |
| @prywatnik |
Zdalne wykonanie kodu na serwerach Apache: ( openwall.com/lists/oss-secu…). curl 'http://X/cgi-bi… twitter.com/i/web/status/1… | 2021-10-08 11:47:43 |
| @cybersec2030 |
مهم ⚠️ ? Active scanning of #Apache HTTP Server CVE-2021-41773 & CVE-2021-42013 is ongoing and expected to accelera… twitter.com/i/web/status/1… | 2021-10-08 11:47:56 |
| @lukOlejnik |
Remote code execution in Apache HTTP Server (). curl 'http://X/cgi-bin/.%%32%65/.%%32%65/.%%… twitter.com/i/web/status/1… | 2021-10-08 11:48:54 |
| @Mekhalleh |
I just update the PoC to introduce the CVE-2021-42013 (Traversal/RCE into Apache 2.4.49/2.4.50) Support more check… twitter.com/i/web/status/1… | 2021-10-08 12:27:00 |
| @kunio99 |
めっちゃやり方書いてある!! Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- I… twitter.com/i/web/status/1… | 2021-10-08 12:30:04 |
| @LuciferAlpha |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- IIJ wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-08 12:36:24 |
| @burnworks |
“Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見” (16 users) htn.to/3MQnH6ATHg | 2021-10-08 13:02:27 |
| @_wix1 |
github.com/projectdiscove… | 2021-10-08 13:12:47 |
| @MAlajab |
?اذا كنت تستخدم Apache HTTP Server قم بتحديثه واغلاق الثغرات CVE-2021-41773 & CVE-2021-42013. حيث يقوم المهاجمين ب… twitter.com/i/web/status/1… | 2021-10-08 13:57:16 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 10 times. twitter.com/RapidSafeguard… #pow1rtrtwwcve | 2021-10-08 14:06:00 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 10 times. twitter.com/IIJ_ITS/status… #pow1rtrtwwcve | 2021-10-08 14:06:01 |
| @astr0baby |
A short video demo of the CVE-2021-42013 Apache 2.4.50 POC youtu.be/MFBUuJyWPkk | 2021-10-08 14:06:03 |
| @yousukezan |
CVE-2021-42013は俺が見つけた的なこと世界のあちこちで言ってる人がいそう | 2021-10-08 14:27:40 |
| @sjmsteffann |
@enoclue Ubuntu claims they are not vulnerable to CVE-2021-41773 here: ubuntu.com/security/CVE-2… | 2021-10-08 14:37:44 |
| @miki158s |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- IIJ wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-08 15:22:26 |
| @magiauk |
Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター | IIJ Engineers Blog ift.tt/3amGDvA | 2021-10-08 15:51:38 |
| @osamah_Alshaya |
RCE exploit both for Apache 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013). Have fun ? and secure your work en… twitter.com/i/web/status/1… | 2021-10-08 16:36:22 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 11 times. twitter.com/ymzkei5/status… #pow1rtrtwwcve | 2021-10-08 18:06:00 |
| @yumetov |
CVE-2021-41773, CVE-2021-42013 jpcert.or.jp/at/2021/at2100… | 2021-10-08 19:20:15 |
| @it_hatebu |
Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター | IIJ Engineers Blog eng-blog.iij.ad.jp/archives/10987 | 2021-10-08 19:40:05 |
| @cyb3rops |
The reason for the second fix to Apache server version 2.4.51 (CVE-2021-42013) https://t.co/3uAGZTzFnz | 2021-10-08 19:53:58 |
| @r00t_nasser |
CVE-2021-42013) apache 2.4.49. vs apache 2.4.50 #BugBounty #infosec https://t.co/zD3WOJzWIx | 2021-10-08 20:01:59 |
| @DragonJAR |
Algunos Payloads para el CVE-2021-42013 de Apache 2.4.50 t.me/dragonjar/10187 añádelo a tu Burpbounty Free o PRO twitter.com/BurpBounty/sta… | 2021-10-08 20:05:33 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 10 times. twitter.com/Mekhalleh/stat… #pow1rtrtwwcve | 2021-10-08 20:06:01 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 10 times. twitter.com/MAlajab/status… #pow1rtrtwwcve | 2021-10-08 20:06:01 |
| @it_hatebu |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-08 21:05:06 |
| @tmhwq |
“Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター | IIJ Engineers Blog” htn.to/4uQr8gVcJH | 2021-10-08 21:07:05 |
| @oss_security |
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fi… twitter.com/i/web/status/1… | 2021-10-08 21:48:02 |
| @oss_security |
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fi… twitter.com/i/web/status/1… | 2021-10-08 21:48:03 |
| @oss_security |
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fi… twitter.com/i/web/status/1… | 2021-10-08 21:48:04 |
| @teramako |
“Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見” htn.to/26MnBCmbwK | 2021-10-08 22:05:42 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 47 times. twitter.com/cyb3rops/statu… #pow1rtrtwwcve | 2021-10-08 22:06:00 |
| @nerubesa |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 ift.tt/3AndgUs | 2021-10-08 23:29:16 |
| @kontonb |
Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター | IIJ Engineers Blog eng-blog.iij.ad.jp/archives/10987 | 2021-10-09 00:30:36 |
| @oss_security |
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fi… twitter.com/i/web/status/1… | 2021-10-09 00:47:32 |
| @oss_security |
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fi… twitter.com/i/web/status/1… | 2021-10-09 00:47:33 |
| @d34dr4bbit |
add. Apache 2.4.49 CVE-2021-41773 and Apache 2.4.50 CVE-2021-42013 – SCANNER/TRAVERSAL/RCE by mekhalleh · Pull Requ… twitter.com/i/web/status/1… | 2021-10-09 00:47:51 |
| @stm_si |
Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター | IIJ Engineers Blog eng-blog.iij.ad.jp/archives/10987 | 2021-10-09 00:49:01 |
| @shimau_ |
CVE-2021-42013へのこの流れってウェブ路地でもやってたよな なんやねん | 2021-10-09 02:40:12 |
| @yoshiteru |
NowBrowsing: "更新:Apache HTTP Server の脆弱性対策について(CVE-2021-41773, CVE-2021-42013):IPA 独立行政法人 情報処理推進機構" ipa.go.jp/security/ciadr… | 2021-10-09 04:04:58 |
| @infosec_90 |
#أمن_المعلومات #برمجة Apache HTTP Server 2.4.49 and 50 - Path Traversal CVE-2021-41773 /.%2e CVE-2021-42013 /.%%3… twitter.com/i/web/status/1… | 2021-10-09 05:18:18 |
| @suzu_GBA2003 |
2.4.50だめだったんか Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- IIJ wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-09 07:26:19 |
| @onyphe |
This many #Apache 2.4.49/2.4.50: 350,000+ #CVE-2021-41773 #CVE-2021-42013 https://t.co/hBHz6vBmUv | 2021-10-09 09:11:28 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 121 times. twitter.com/cyb3rops/statu… #pow2rtrtwwcve | 2021-10-09 10:06:00 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 10 times. twitter.com/infosec_90/sta… #pow1rtrtwwcve | 2021-10-09 10:06:01 |
| @hmoud1996 |
@eng_bunawaf يوجد تحديثين مختلفة يمكنك الاطلاع ⤵️? CVE-2021-41773 CVE-2021-42013 | 2021-10-09 11:56:58 |
| @Mawg0ud |
New based #vulnerability identifier, CVE-2021-42013, it builds on CVE-2021-41773, which was a vulnerability in… twitter.com/i/web/status/1… | 2021-10-09 12:04:29 |
| @ka0com |
Dockerを使ってCVE-2021-42013を検証する - nekotosec.com/validate-cve-2… | 2021-10-09 12:25:48 |
| @djinh |
@satefan Everything is a joke: | 2021-10-09 12:40:23 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 1 days ago and retweeted 10 times. twitter.com/snyff/status/1… #pow1rtrtwwcve | 2021-10-09 14:06:00 |
| @0x009AD6_810 |
オレもオレもCVE-2021-42013 | 2021-10-09 14:28:44 |
| @piyokango |
はてなブログに投稿しました #はてなブログ Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-09 18:18:42 |
| @muupapa |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-09 18:41:14 |
| @oss_security |
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fi… twitter.com/i/web/status/1… | 2021-10-09 18:48:32 |
| @tethys_seesaa |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-09 22:55:50 |
| @hands_of_cat |
修正が不十分だから、CVE-2021-42013 が公開された。ただそれも不十分の模様。 Red Hat はそもそもの脆弱性の影響を受けないので、影響受けないんだろうな。 RHEL8 は、v2.4.37 をベースに Red H… twitter.com/i/web/status/1… | 2021-10-09 23:27:15 |
| @matiere |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 00:05:36 |
| @ipssignatures |
The vuln CVE-2021-42013 has a tweet created 0 days ago and retweeted 15 times. twitter.com/piyokango/stat… #pow1rtrtwwcve | 2021-10-10 00:06:00 |
| @lemonade_air |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… 数日前に話題になっていたやつだ。自分の検証環境で後で試してみる。 | 2021-10-10 00:55:47 |
| @matsuu_zatsu |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 01:27:28 |
| @tak_mita |
New post: 【後で読みたい!】更新:Apache HTTP Server の脆弱性対策について(CVE-2021-41773, CVE-2021-42013) taksbar.link/?p=179868 | 2021-10-10 02:08:44 |
| @ton960 |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 02:39:07 |
| @ka0com |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 02:46:48 |
| @magiauk |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog ift.tt/30cUova | 2021-10-10 02:51:54 |
| @aiujp1985 |
Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター | IIJ Engineers Blog eng-blog.iij.ad.jp/archives/10987 | 2021-10-10 03:24:32 |
| @it_hatebu |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 05:00:03 |
| @equinox79 |
“Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog” htn.to/2WxGdpp71P | 2021-10-10 05:22:57 |
| @yomoyomo |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… パス(ディレクトリ)トラバーサ… twitter.com/i/web/status/1… | 2021-10-10 05:26:59 |
| @miraihack |
“Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog” htn.to/3ym3Gcb2no | 2021-10-10 05:33:05 |
| @shunta08101 |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 05:34:48 |
| @sutest1101 |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 05:54:17 |
| @ohhara_shiojiri |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 06:36:14 |
| @modokey |
“Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog” htn.to/3rKd8dWkqz | 2021-10-10 06:45:56 |
| @modokey |
“Apache httpdの脆弱性“CVE-2021-42013”の発見と報告 – IIJ セキュリティオペレーションセンター | IIJ Engineers Blog” htn.to/21EFtXmzD7 | 2021-10-10 06:48:20 |
| @hsur |
Apache httpd の脆弱性に注意(CVE-2021-42013): Apache httpd 2.4.50 のリリースから数日しか経っていませんが、2.4.51 がリリース... blog.cles.jp/item/12768?utm… | 2021-10-10 06:52:10 |
| @hernanespinoza |
? Active scanning of Apache HTTP Server CVE-2021-41773 & CVE-2021-42013 is ongoing and expected to accelerate, like… twitter.com/i/web/status/1… | 2021-10-10 07:48:52 |
| @nmatayoshi |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 09:04:17 |
| @t_motooka |
まとめ助かる / “Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog” htn.to/3xvZKCt31a | 2021-10-10 09:52:36 |
| @bashgrylls |
@NevenaSofranic Jesi li patch-ovala ove nove propuste? CVE-2021-42013 ? Sada znaš iz iskustva iz sna (snilog iskus… twitter.com/i/web/status/1… | 2021-10-10 10:16:08 |
| @avalon1982 |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた piyolog.hatenadiary.jp/entry/2021/10/… b.hatena.ne.jp/entry/s/piyolo… | 2021-10-10 13:03:07 |
| @HAL_CSIRT |
【更新:Apache HTTP Server の脆弱性対策について(CVE-2021-41773, CVE-2021-42013)】 ・バージョン 2.4.50 にて、修正が不十分であることが公表(CVE-2021-42013)さ… twitter.com/i/web/status/1… | 2021-10-10 13:05:10 |
| @nerubesa |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog ift.tt/30cUova | 2021-10-10 13:29:59 |
| @TheXXLMAN |
Apache server version 2.4.51 (CVE-2021-42013) https://t.co/fjeJGWJIP9 | 2021-10-10 14:47:25 |
| @sakuranbon50 |
はいきた! 私の仕事が増えるやーつ? #お仕事の話 Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 14:54:00 |
| @RyoTa63292153 |
1件のコメント b.hatena.ne.jp/entry?url=http… “Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog” (39 u… twitter.com/i/web/status/1… | 2021-10-10 16:18:39 |
| @tukaelu |
1件のコメント b.hatena.ne.jp/entry?url=http… “Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog” (42 u… twitter.com/i/web/status/1… | 2021-10-10 20:45:49 |
| @creadpag |
Path Traversal Zero-Day en Apache HTTP Server | CVE-2021-41773|CVE-2021-42013 creadpag.com/2021/10/path-t… #cve… twitter.com/i/web/status/1… | 2021-10-10 21:54:03 |
| @yosilove |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 22:29:21 |
| @yk_style2011 |
他のスコアが高い脆弱性は、このサイトぐらい詳しく情報を提供してほしいなって常々思う。 特に攻撃方法とか。 Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめ… twitter.com/i/web/status/1… | 2021-10-10 23:06:45 |
| @kaakaa_hoe_prog |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-10 23:49:19 |
| @kit1t |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-11 00:15:11 |
| @oha000 |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-11 00:24:10 |
| @tamosan |
夜行性インコさんのまとめ。先日から騒ぎになっているApacheの脆弱性について。PoCへのリンクもあり:Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめて… twitter.com/i/web/status/1… | 2021-10-11 00:58:54 |
| @giw_news |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-11 01:45:24 |
| @taku888infinity |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-11 02:26:15 |
| @ksk_bfb |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-11 04:13:52 |
| @tsaka1 |
ふむふむ。。。 RT: Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-11 04:29:42 |
| @seo_jp_news |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた – piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-11 05:23:05 |
| @Pyo0072 |
Apache HTTP Server の深刻な脆弱性CVE-2021-41773とCVE-2021-42013についてまとめてみた - piyolog piyolog.hatenadiary.jp/entry/2021/10/… | 2021-10-11 06:49:41 |
| @Securityblog |
GitHub - andrea-mattioli/apache-exploit-CVE-2021-42013: Exploit with integrated shodan search github.com/andrea-mattiol… | 2021-10-11 08:33:20 |
| @iamamoose |
Apache 2.4.49/2.4.50 postmortem CVE-2021-41773 and CVE-2021-42013 github.com/icing/blog/blo… | 2021-10-11 08:50:11 |
| @ueyasu |
Apache HTTP Server 2.4.50におけるパストラバーサル脆弱性(CVE-2021-42013)の発見 – wizSafe Security Signal -安心・安全への道標- IIJ wizsafe.iij.ad.jp/2021/10/1285/ | 2021-10-11 10:05:42 |
| @hands_of_cat |
CVE-2021-41773, CVE-2021-42013 "Apache/2.4.50" country:"JP" 361件 "Apache/2.4.51" country:"JP" 316件 対策したサーバ、増えたな。 ※… twitter.com/i/web/status/1… | 2021-10-11 10:29:16 |
| @oss_security |
Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fi… twitter.com/i/web/status/1… | 2021-10-11 12:50:33 |
| @GlegExploitPack |
ZDA pack + Canvas in action: videos for Apache 2.4.49 RCE CVE-2021-41773, 2.4.50 RCE CVE-2021-42013 : vimeo.com/user7532837/vi… | 2021-10-11 13:26:24 |
| @XakepRU |
Разработчики Apache подготовили дополнительный патч для свежей 0-day уязвимости xakep.ru/2021/10/11/cve… https://t.co/mNutjBXFpf | 2021-10-11 16:30:45 |
| @IT_news_for_all |
Разработчики Apache подготовили дополнительный патч для свежей 0-day уязвимости xakep.ru/2021/10/11/cve…...… twitter.com/i/web/status/1… | 2021-10-11 16:39:06 |
| @Mohamed87Khayat |
For automatic search for the new critical apache vuln cve-2021-41773& cve-2021-42013 Use this : github tool for poc… twitter.com/i/web/status/1… | 2021-10-11 17:48:46 |
| @qualys |
Apache HTTP Server Path Normalization and Remote Code Execution (RCE) Vulnerability (CVE-2021-42013)… twitter.com/i/web/status/1… | 2021-10-11 19:00:09 |
| @linuxtoday |
UPDATE NOW: CVE-2021-42013 Vulnerability in Apache httpd Allows Access Outside the Site Root Directory linuxtoday.com/developer/upda… #Linux | 2021-10-11 20:01:00 |
 /r/sysadmin |
Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation | 2021-10-07 21:29:38 |
| /r/SecOpsDaily |
Apache HTTP Server CVE-2021-42013 and CVE-2021-41773 Exploited | 2021-10-22 07:29:33 |
| /r/torchsecuritynet |
Apache HTTP Server 2.4.50 CVE-2021-42013 Exploitation | 2021-11-30 04:17:43 |
| /r/snort |
Directory Traversal rule | 2021-12-09 03:10:18 |