Highlight: THM: Apache path traversal CVE-2021-41773/42013 'info' room

Channel:
United Kingdom MSec
Subscribers:
512
Published on ● Video Link: https://www.youtube.com/watch?v=5v5Ru_RIstc


Duration: 1:03:32
116 views
1

On the 5th of October 2021, a CVE detailing a path traversal attack on Apache HTTP Server v2.4.49 was released. Assigned the number CVE-2021-41773, it was released with the following description:

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally (sic) this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.

[https://tryhackme.com/room/cve202141773](https://tryhackme.com/room/cve202141773) -- Watch live at https://www.twitch.tv/msec



Other Videos By MSec


2022-06-25Highlight: THM Mr Robot CTF (medium) | Part #2
2022-06-25Highlight: THM Mr Robot CTF (medium) | Part #1
2022-06-25Highlight: THM Crack the hash | Part #2
2022-06-25Highlight: THM Crack the hash (easy) | Part #1
2022-06-25Highlight: THM OhSINT (easy)
2022-05-28Highlight: THM: Nmap
2022-05-28Highlight: THM: Google Dorking
2022-05-28Highlight: THM: RustScan
2022-04-26Highlight: THM: Attacktive Directory Room
2022-04-16Highlight: THM: Burp Suite: The Basics 'info' room
2022-04-16Highlight: THM: Apache path traversal CVE-2021-41773/42013 'info' room
2022-04-16Highlight: THM: Burp Suite: Repeater 'info' room
2022-04-16Highlight: THM: Polkit: CVE-2021-3560 'info' room
2022-04-16Highlight: THM: Sudo Baron Samedit CVE-2021-3156 'info' room
2022-04-16Highlight: THM: Sudo Security Bypass CVE-2019-14287 'info' room
2022-04-16Highlight: THM: OverlayFS - CVE-2021-3493 'info' room
2022-04-16Highlight: THM: Sudo Buffer Overflow CVE-2019-18634 'info' room
2022-04-16Highlight: THM: Pwnkit: CVE-2021-4034 'info' room
2022-04-11Highlight: THM: REmux The Tmux 'info' room.
2022-04-11Highlight: THM: Common Attacks 'info' room
2022-04-11Highlight: THM: Python Basics 'info' room


Tags:
bug
bugbounty
bugbountytips
bughunter
burpsuite
coding
cybersecurity
darkweb
ethicalhacker
ethicalhackers
ethicalhacking
exploit
games
hack
hacker
hackerone
hackers
hacking
hackingtools
infosec
kalilinux
linux
metasploit
msec
nmap
owasp
programming
python
security
technology
twitch
virus