: Attackers can send unauthorized requests through an established connection.
mod_auth_digest (Stack Overflow): Vulnerability: CVE-2020-35452.
POST /cgi-bin/.%2e/bin/bash HTTP/1.1
Host: vulnerable-server.com
Content-Type: application/x-www-form-urlencoded
(Null pointer dereference in mod_http2): Maliciously crafted HTTP/2 requests can crash the child process. Affects 2.4.46 if built with HTTP/2 support. Impact: DoS via repeated requests.
GET /icons/.%2e/ HTTP/1.1
Host: vulnerable-server.com
Affects 2
The Apache HTTP Server, commonly referred to as httpd, is one of the most widely used web servers in the world. Its ubiquity in serving web content makes it a prime target for attackers. Recently, two critical vulnerabilities were discovered in Apache httpd version 2.4.46 and earlier that attackers could exploit for malicious purposes. This post covers the details of these vulnerabilities, identified as CVE-2021-41773 and CVE-2021-42013, and discusses how they can be exploited.
: Unexpected URL matching behavior occurs when MergeSlashes is set to OFF, potentially leading to security bypasses in access control.
Remediation
CVE-2021-26691: Apache HTTP Server Buffer Overflow Flaw