Message-ID: <CAKQ1sVMn=09uimvWxVZrrVRGSDk5HLCB0TQViFJp1WFNG7jvWg@mail.gmail.com>
Date: Fri, 8 Oct 2021 20:37:33 +0200
From: Yann Ylavic <ylavic.dev@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2021-42013: Path Traversal and Remote Code
 Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

On Fri, Oct 8, 2021 at 8:53 AM Roman Medina-Heigl Hernandez
<roman@...labs.com> wrote:
>
> I posted RCE exploit for this (it works for both CVEs: 41773 & 42013)
> and some other details regarding requirements / exploitability, which
> you may find useful at:
>
> https://twitter.com/roman_soft/status/1446252280597078024

Thanks, that's fair analysis.

Cheers;
Yann.
