Date: Fri, 8 Oct 2021 20:37:33 +0200 From: Yann Ylavic <ylavic.dev@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) On Fri, Oct 8, 2021 at 8:53 AM Roman Medina-Heigl Hernandez <roman@...labs.com> wrote: > > I posted RCE exploit for this (it works for both CVEs: 41773 & 42013) > and some other details regarding requirements / exploitability, which > you may find useful at: > > https://twitter.com/roman_soft/status/1446252280597078024 Thanks, that's fair analysis. Cheers; Yann.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.