Rewterz Threat Advisory – CVE-2021-33193 – Apache Mod_Proxy HTTP/2 Vulnerability
September 14, 2021
Rewterz Threat Advisory – Multiple Apple Safari, macOS Big Sur, iOS, and iPadOS Vulnerabilities
September 14, 2021
Severity
High
Analysis Summary
CVE-2021-38555
Apache Any23 could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the StreamUtils.java file. By using specially crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files on the server.
CVE-2021-40146
Apache Any23 could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the YAMLExtractor.java file. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Information Disclosure
- Code Execution
Affected Vendors
Apache
Affected Products
- Apache Any23 2.4
Remediation
Upgrade to the latest version of Apache Any23, available from the Apache Web site.