Apache
Izvršivi PHP ekstenzije
Proverite koje ekstenzije izvršava Apache server. Da biste ih pretražili, možete izvršiti:
Takođe, neka mesta gde možete pronaći ovu konfiguraciju su:
CVE-2021-41773
Description
Apache HTTP Server (httpd) is an open-source web server software. A vulnerability, known as CVE-2021-41773, has been discovered in Apache HTTP Server versions 2.4.49 and prior. This vulnerability allows remote attackers to execute arbitrary code and gain unauthorized access to the targeted system.
Exploitation
To exploit this vulnerability, an attacker can send a specially crafted HTTP request to the server, targeting the vulnerable mod_status module. By including a path traversal sequence in the request, the attacker can access files outside the web root directory.
The following request can be used to exploit the vulnerability:
This request attempts to access the /etc/passwd
file, which contains sensitive system information, such as user account details.
Mitigation
To mitigate this vulnerability, it is recommended to upgrade to Apache HTTP Server version 2.4.50 or later. Additionally, it is advised to restrict access to the mod_status module or disable it if not required.
References
Last updated