List: oss-security
Subject: Re: [oss-security] CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.
From: Yann Ylavic <ylavic.dev () gmail ! com>
Date: 2021-10-15 23:31:50
Message-ID: CAKQ1sVPSjUzdxyb7n7xa5bPzPV4xwXg7cgniwNeuyhg46dBjwQ () mail ! gmail ! com
Hi Román,
On Fri, Oct 15, 2021 at 8:01 PM Roman Medina-Heigl Hernandez
<roman@rs-labs.com> wrote:
>
> Re [1], I think this:
>
> "critical: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)"
>
> is still misleading and should read:
>
> "critical: Path traversal and Remote Code Execution vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)"
I (for one) would argue that admins/vendors that ship an RCE-vulnerable
custom configuration should reserve a CVE like this to notify their
users.
httpd does not, at least.
Cheers;
Yann.