Severity
High
Analysis Summary
CVE-2021-42013
Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system. The flaw is a path traversal vulnerability that stems from an incomplete fix for CVE-2021-41773, and it leads to code execution when mod_cgi is enabled. By uploading a file and setting permissions, an attacker could exploit this vulnerability to execute arbitrary code on the system with Apache user privileges.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2021-42013
Affected Vendors
Apache
Affected Products
Apache HTTP Server 2.4.49
Apache HTTP Server 2.4.50
Remediation
Upgrade to the latest version of Apache HTTP Server, available from the Apache Website.
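To triage hosts against the affected versions and the mod_cgi condition described above, the following check is an added example and not part of the original advisory. It assumes the `httpd -v` banner and `httpd -M` module listing formats, and it also treats `cgid_module` as a CGI module, which the advisory does not mention; the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an Apache HTTP Server install against this advisory.
# Affected versions exactly as listed under "Affected Products".
AFFECTED_VERSIONS="2.4.49 2.4.50"

# Extract the version number from `httpd -v` output, e.g.
# "Server version: Apache/2.4.50 (Unix)" -> "2.4.50".
httpd_version() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Succeed if the `httpd -M` listing shows a CGI module loaded.
# cgid_module is included as an assumption beyond the advisory text.
cgi_loaded() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*(cgi|cgid)_module[[:space:]]'
}

# Classify a host from its version banner ($1) and module listing ($2).
assess() {
    ver=$(httpd_version "$1")
    [ -n "$ver" ] || { echo "UNKNOWN"; return; }
    for bad in $AFFECTED_VERSIONS; do
        if [ "$ver" = "$bad" ]; then
            if cgi_loaded "$2"; then
                echo "AFFECTED_CGI_ENABLED $ver"   # code execution condition met
            else
                echo "AFFECTED $ver"               # still upgrade per Remediation
            fi
            return
        fi
    done
    echo "NOT_LISTED $ver"   # not one of the versions named in the advisory
}

# Live use (assumes the binary is called httpd; some systems use apache2ctl):
#   assess "$(httpd -v)" "$(httpd -M 2>/dev/null)"

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER='Server version: Apache/2.4.50 (Unix)
Server built:   Oct  1 2021 00:00:00'
SAMPLE_MODULES='Loaded Modules:
 core_module (static)
 cgi_module (shared)'
assess "$SAMPLE_BANNER" "$SAMPLE_MODULES"
```

A result of `NOT_LISTED` only means the version is not one of the two named here; it says nothing about other advisories.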