| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-42013 | Apache HTTP Server Path Traversal Vulnerability | exploitation_technique | T1210 | Exploitation of Remote Services |
Comments
CVE-2021-42013 was introduced as the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50. CVE-2021-42013 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows an attacker to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied," these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution.
References
|
| CVE-2021-42013 | Apache HTTP Server Path Traversal Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2021-42013 was introduced as the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50. CVE-2021-42013 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows an attacker to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied," these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution.
References
|