UPDATE NOW: CVE-2021-42013 Vulnerability in Apache httpd Allows Access Outside the Site Root Directory

By LinuxStoney
linuxtoday.com
 4 days ago

A new variant of the path traversal attack against the Apache HTTP Server bypasses the fix that shipped in the 2.4.50 update and allows access to files outside the site's document root. Researchers have also found that, when certain non-default settings are present, the flaw lets an attacker not only read files on the system but also execute code remotely on the server. Only releases 2.4.49 and 2.4.50 are affected; earlier versions do not contain the vulnerability. Apache httpd 2.4.51 was released promptly to fix the new variant.

www.linuxtoday.com
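The traversal the article describes, as an added example (this is not linuxtoday.com's or the Apache project's code): a Python triage helper that flags affected versions from a Server header, classifies request paths from an access log by how many rounds of percent-decoding it takes before a ".." segment appears, and checks an httpd.conf fragment for the non-default combination that turns the file read into code execution. The decoding-depth idea is what separates the original CVE-2021-41773 bypass covered in the related items below (a single-encoded dot, ".%2e", one round) from the CVE-2021-42013 variant that survived 2.4.50 (a double-encoded dot, "%%32%65", two rounds). The encoding patterns and the configuration conditions (a CGI module loaded plus "<Directory />" granting access instead of the stock "Require all denied") come from the public advisory and PoC writeups for these CVEs, not from the article; the CVE-to-depth mapping is a heuristic, and all log lines and configuration text are constructed for the example.

```python
import re
from urllib.parse import unquote

# Added example (not linuxtoday.com's or the ASF's code). Encoding patterns follow
# the public advisory for CVE-2021-41773/42013; all log lines and config text
# below are constructed for the example.

VULNERABLE_VERSIONS = {"2.4.49", "2.4.50"}          # releases named in the article

# Enough of the Apache "combined" log format to pull out method, path and status.
_LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" (?P<status>\d{3})')
_TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')
_ROOT_DIR_RE = re.compile(r'<Directory\s+"?/"?\s*>(.*?)</Directory>', re.S | re.I)


def is_vulnerable_version(server_header: str) -> bool:
    """Triage helper: does a Server: header advertise 2.4.49 or 2.4.50?"""
    m = re.search(r'Apache/(\d+\.\d+\.\d+)', server_header)
    return bool(m and m.group(1) in VULNERABLE_VERSIONS)


def decode_rounds(path: str, max_rounds: int = 2) -> list:
    """[raw, after 1 decode, after 2 decodes], stopping once decoding is a no-op.
    Two rounds are what the 2.4.50 bypass relies on: '%%32%65' -> '%2e' -> '.'."""
    forms = [path]
    for _ in range(max_rounds):
        decoded = unquote(forms[-1])
        if decoded == forms[-1]:
            break
        forms.append(decoded)
    return forms


def classify_path(path: str):
    """(label, decoded_path) if '..' emerges from decoding, else None.
    Label = how many decode rounds it took, mapped (heuristically) to the CVE
    whose bypass needs that many: 0 plain '..' (httpd rejects it itself),
    1 single-encoded dot as in CVE-2021-41773, 2 double-encoded dot as in
    CVE-2021-42013."""
    labels = {0: 'plain-traversal', 1: 'CVE-2021-41773', 2: 'CVE-2021-42013'}
    for rounds, form in enumerate(decode_rounds(path)):
        if _TRAVERSAL_RE.search(form):
            return labels[rounds], form
    return None


def scan_log(lines):
    """One tuple per suspicious request: (label, method, raw, decoded, rce_hint).
    rce_hint flags a traversal that walks out of a CGI path to a shell under
    /bin/, the shape of the public RCE PoCs; it only works on servers with the
    non-default settings checked by config_exposes_rce()."""
    findings = []
    for line in lines:
        m = _LOG_RE.match(line)
        hit = classify_path(m['path']) if m else None
        if hit is None:
            continue
        label, decoded = hit
        rce_hint = ('/cgi-bin/' in decoded
                    and re.search(r'/bin/(ba)?sh$', decoded) is not None)
        findings.append((label, m['method'], m['path'], decoded, rce_hint))
    return findings


def config_exposes_rce(httpd_conf: str) -> bool:
    """True when both non-default settings the RCE variant needs are present:
    mod_cgi/mod_cgid loaded, and '<Directory />' granting access instead of the
    stock 'Require all denied'. Only the first '<Directory />' block is checked."""
    cgi_loaded = any(ln.strip().startswith('LoadModule')
                     and re.search(r'\bcgid?_module\b', ln)
                     for ln in httpd_conf.splitlines())
    block = _ROOT_DIR_RE.search(httpd_conf)
    root_open = bool(block and re.search(r'^\s*Require\s+all\s+granted\b',
                                         block.group(1), re.M | re.I))
    return cgi_loaded and root_open


# Constructed access-log lines: one benign, three encoded traversals, one plain.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1234',
    '203.0.113.5 - - [06/Oct/2021:10:00:02 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1817',
    '203.0.113.5 - - [06/Oct/2021:10:00:03 +0000] "GET /icons/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1" 200 1817',
    '203.0.113.5 - - [06/Oct/2021:10:00:04 +0000] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 200 40',
    '198.51.100.7 - - [06/Oct/2021:10:00:05 +0000] "GET /../etc/passwd HTTP/1.1" 400 226',
]

# Constructed httpd.conf fragments: stock defaults vs. the settings that turn the
# traversal into code execution.
DEFAULT_CONF = """#LoadModule cgid_module modules/mod_cgid.so
<Directory />
    AllowOverride none
    Require all denied
</Directory>
"""
EXPOSED_CONF = DEFAULT_CONF.replace('#LoadModule', 'LoadModule').replace('denied', 'granted')

if __name__ == '__main__':
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print('default config exposes RCE:', config_exposes_rce(DEFAULT_CONF))
    print('exposed config exposes RCE:', config_exposes_rce(EXPOSED_CONF))
```

The classifier works on the request line as logged and is not a reimplementation of httpd's own path normalisation, so treat anything the decoder turns into ".." as worth a look regardless of label; a 200 status on such a request against a 2.4.49 or 2.4.50 host is the strongest signal. The configuration check only narrows the blast radius of the RCE variant, not the file read, so it is a triage aid, not a substitute for upgrading to 2.4.51.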

Related
infosecurity-magazine.com

Patch Apache HTTP Servers Now to Avoid Zero Day Exploit

Apache HTTP Server users have been urged to immediately patch after it emerged that a zero-day vulnerability in the popular open-source software is being exploited in the wild. CVE-2021-41773 is described as a path traversal flaw in version 2.4.49, which was itself only released a few weeks ago. “An attacker...
COMPUTERS
wpguynews.com

High Severity Vulnerability Patched in Access Demo Importer Plugin

On August 9, 2021, the Wordfence Threat Intelligence team attempted to initiate the responsible disclosure process for a vulnerability that we discovered in Access Demo Importer, a WordPress plugin installed on over 20,000 sites. This flaw made it possible for authenticated attackers with just subscriber-level access to upload arbitrary files that could be used to achieve remote code execution. On sites with open registration, an anonymous user could easily register and exploit this vulnerability.
COMPUTERS
bleepingcomputer.com

Actively exploited Apache 0-day also allows remote code execution

Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution (RCE) abilities. Apache remains one of the most popular...
COMPUTERS
theregister.com

Running an Apache web server? You probably need to patch it. Now

The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited. Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, are nasty. The latter, a path traversal and file disclosure flaw, particularly so.
COMPUTERS
bleepingcomputer.com

Apache emergency update fixes incomplete patch for exploited bug

Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability. Apache HTTP Server is an open-source, cross-platform web server that powers approximately 25% of websites worldwide. On Tuesday, Apache released Apache HTTP 2.4.50 to fix an...
SOFTWARE
securityboulevard.com

CVE-2021-41773 – Apache web server Path traversal

This past Monday, October 4th, Apache disclosed a vulnerability introduced in Apache HTTP Server 2.4.49, tracked as CVE-2021-41773. Update 2.4.50 was released at the same time to fix it. The vulnerability allows an attacker to bypass the server's path traversal protections using URL encoding and read arbitrary files on the web server's file system. Both Linux and Windows servers running this version of Apache are affected.
COMPUTERS
bleepingcomputer.com

Unpatched Dahua cams vulnerable to unauthenticated remote access

Unpatched Dahua cameras are prone to two authentication bypass vulnerabilities, and a proof of concept exploit that came out today makes the case of upgrading pressing. The authentication bypass flaws are tracked as CVE-2021-33044 and CVE-2021-33045, and are both remotely exploitable during the login process by sending specially crafted data packets to the target device.
ELECTRONICS
linuxtoday.com

Linux Mint 20.3 Will Come at the End of the Year

The latest report on the development of the Linux Mint distribution revealed the planned release date of its next update, with Linux Mint 20.3 expected by the end of the year. Development of the LMDE 5 edition continues, and the graphical modifications to the user environment are gradually nearing completion.
COMPUTERS
YOU MAY ALSO LIKE
linuxtoday.com

KDE Frameworks 5.87 New Release is Here

KDE Frameworks 5.87 is here to make the Plasma Discover graphical package manager faster when checking for updates and when loading the initial content from any of the Add-Ons categories. It will also fix a crash in the Dolphin file manager, Plasma desktop, and other KDE apps when undoing a file copy, and add icons in the Breeze icon theme for different types of Godot Engine files.
COMPUTERS
linuxtoday.com

Nethogs – Monitor Linux Network Traffic Usage Per Process

There are plenty of open-source network monitoring tools available for Linux. For example, you can use the iftop command to monitor bandwidth usage, the netstat or ss command to see interface statistics, or the top command to watch the processes running on your system.
COMPUTERS
linuxtoday.com

Mozilla Thunderbird 91.2 Finally Allows OTA Upgrades from Thunderbird 78 or Earlier

Thunderbird 91 was launched two months ago, but it wasn’t offered as an OTA (Over-the-Air) upgrade from Thunderbird 78 and earlier releases. After three minor point releases, Thunderbird 91.2 is here and enables support for OTA upgrades from earlier Thunderbird versions. Thunderbird 91.2 is also a minor update, bringing only...
TECHNOLOGY
linuxtoday.com

Kodi 19.2 Improves Xbox Support and Support for Devices Running Old Android Versions

Kodi 19.2 is here five months after Kodi 19.1, which introduced initial support of the Kodi 19 “Matrix” series for the Xbox gaming console, added better support for SMB shares, improved reliability for HTTP and NFS network filesystems, enabled file caching by default for network filesystems, and fixed playback of optical DVDs in Linux.
VIDEO GAMES
linuxtoday.com

Python Has Become the Most Popular Language, According to TIOBE

According to the latest ratings from the software company TIOBE, Python is now the most popular programming language in the world. The so-called TIOBE Index is based on the number of language searches performed online, which may also be a measure of a language's popularity. Link to article: https://linuxiac.com/python-the-most-popular-programming-language/
COMPUTERS
qualys.com

October 2021 Release: CVE ID Detection and Reporting

The Qualys Cloud Platform October 2021 release includes Qualys Cloud Suite 10.15.0.0, which contains new features and important enhancements in the Qualys Cloud Platform. Option to include CVEs in the host-based scan reports. Starting this release, Qualys introduces a powerful new capability to generate vulnerability reports based on CVEs and...
SOFTWARE
linuxtoday.com

How to Delete a Directory in Linux

It’s important to understand how to manage directories in your OS. If you’re new to Linux, this article shows how to delete a directory.
COMPUTERS
linuxtoday.com

Dockerize Node.js apps with Buildpacks

Docker has long been the go-to tool to create easily distributable and deployable artifacts. However, creating a Docker image from your custom application code requires a little expertise, especially if you regularly rebuild images as you make changes to your code. It is very easy to unnecessarily download thousands of...
COMPUTERS
linuxtoday.com

Debian Project Releases Debian 11.1 and Debian 10.11

Debian doesn't follow a fixed release schedule, which makes it somewhat hard to know exactly when a new release will be available. Now the Debian project has announced the availability of two new versions of its operating system simultaneously, Debian 11.1 and Debian 10.11.
COMPUTERS
linuxtoday.com

Improving Test Coverage for Cameras in KernelCI

Put simply, libcamera is a library that handles acquiring, configuring and capturing frames from a camera. Camera pipelines have become increasingly complex, and traditionally this complexity has been exposed by the kernel through the V4L2 APIs, for applications to deal with directly. libcamera is the layer in-between V4L2 and the application so that camera handling can become simple. Here’s a look at recent work to improve testing in libcamera and automating it through KernelCI.
SOFTWARE
Redmondmag.com

Espionage Attackers Were Using Windows Zero Day Vulnerability CVE-2021-40449

A Chinese-speaking advanced persistent threat (APT) group had been exploiting a zero-day Windows vulnerability, which got a patch from Microsoft on Tuesday, according to Kaspersky researchers. Security solutions firm Kaspersky was credited with finding the exploited Win32k elevation of privilege vulnerability (CVE-2021-40449), which is present in most Windows client and...
TECHNOLOGY
linuxtoday.com

Geany 1.38 Lightweight Code Editor is Out, Removes GTK+2 Support

Geany is a powerful, stable, and lightweight code editor with some of the basic features of an Integrated Development Environment (IDE). The new version, Geany 1.38, opens documents faster. Every developer who spends hours in front of a screen writing code needs a capable editor.
COMPUTERS
