CrowdSec
6/10CrowdSec Score

Apache Web Server - Path Traversal (CVE-2021-42013)

Published on07-10-2021
First seen on11-10-2021
CVSS 9.8/10Apache Software Foundation - Apache HTTP Server

6617Exploiting IPs reported

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

CrowdSec analysis

CVE-2021-42013 is a critical vulnerability in the Apache HTTP Server that enables attackers to exploit insufficient fixes for prior path traversal issues, potentially accessing files outside the expected directories and executing arbitrary code if CGI scripts are enabled.

CrowdSec has been tracking this vulnerability and its exploits since 11th of October 2021.

CrowdSec network data shows that most actors exploiting CVE-2021-42013 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2021-42013 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2021-42013 is currently experiencing high visibility and active exploitation across the internet.

Exploitation attempts typically focus on path traversal through specially crafted URLs, aiming to access unauthorized files or execute scripts on vulnerable systems.

Exploitation

Get real-time information about exploitation attempts and actors involved.

Detected IPs

Discover the IPs that targeted this vulnerability across the CrowdSec Network.

Common Weakness Enumeration (CWE)

Protection

Find out relevant information to protect your stack against this CVE.

Blocklist

With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.

To increase your protection against this CVE, block exploitation attempts with this list of identified actors.

References