Posted to cvs@httpd.apache.org by rp...@apache.org on 2021/10/08 12:41:00 UTC

[httpd-site] branch main updated: * Align with CVE-2021-42013 based on the latest findings

This is an automated email from the ASF dual-hosted git repository.

rpluem pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/httpd-site.git


The following commit(s) were added to refs/heads/main by this push:
     new 02daa7a  * Align with CVE-2021-42013 based on the latest findings
02daa7a is described below

commit 02daa7a934e2b1e8d2b6582785d479e4b61e5783
Author: Ruediger Pluem <r....@gmx.de>
AuthorDate: Fri Oct 8 14:40:50 2021 +0200

    * Align with CVE-2021-42013 based on the latest findings
---
 content/security/json/CVE-2021-41773.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/content/security/json/CVE-2021-41773.json b/content/security/json/CVE-2021-41773.json
index 0e4a2d0..c35ecf1 100644
--- a/content/security/json/CVE-2021-41773.json
+++ b/content/security/json/CVE-2021-41773.json
@@ -59,7 +59,7 @@
   "description": {
     "description_data": [
       {
-        "value": "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root.  \n\nIf files outside of the document root are not protected by \"require all denied\" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts.\n\nThis issue is known to be exploited in the wild.\n\nThis issue only affects Apache  [...]
+        "value": "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.\n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issu [...]
         "lang": "eng"
       }
     ]
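Review bot: The added "value" line misspells "paths" as "pathes" in "enabled for these aliased pathes". This string is published as the advisory description, so it should read "these aliased paths". In the same line, "the usual default configuration \"require all denied\"" would read more clearly as "the usual default configuration of \"require all denied\"".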
@@ -76,7 +76,7 @@
   "configuration": [],
   "impact": [
     {
-      "other": "important"
+      "other": "critical"
     }
   ],
   "exploit": [],
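Review bot: The change of "other" from "important" to "critical" in the "impact" block is not mentioned in the commit message, which only says "Align with CVE-2021-42013 based on the latest findings". A severity change is the field downstream consumers of this JSON are most likely to act on, so the commit message should state it explicitly and tie it to the remote code execution case that the updated "value" text now describes.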
@@ -113,7 +113,7 @@
     {
       "time": "2021-10-01",
       "lang": "eng",
-      "value": "fixed by r1893775 in 2.4.50"
+      "value": "fixed by r1893775 in 2.4.x"
     },
     {
       "lang": "eng",
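Review bot: In the timeline entry dated 2021-10-01, the new text "fixed by r1893775 in 2.4.x" no longer tells a reader which release carries the fix, and "2.4.x" can be read as a version pattern rather than a branch name. If the branch is meant, word it as "fixed by r1893775 in the 2.4.x branch" so the entry is not mistaken for a statement that every 2.4 release is fixed.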