The Bug Report – October Edition

Your Cyber Security Comic Relief



Apache server version 2.4.50 (CVE-2021-42013)


Why am I here?


Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview of what we believe to be the most noteworthy vulnerabilities over the last month. We don’t rely on a single scoring system like CVSS to determine what you need to know about; this is all about qualitative and experience-based analysis, relying on over 100 years of combined industry experience within our team. We look at characteristics such as wormability, ubiquity of the target, likelihood of exploitation and impact. If you don’t agree with these picks, we encourage you to write a strongly worded letter to your local senator. In lieu of that, we present our top CVEs from the last month.


Bug 1: Apache CVE-2021-41773/CVE-2021-42013
Bug 2: Win32K CVE-2021-40449
Bug 3: Apple iOS CVE-2021-30883

Apache: CVE-2021-41773 and CVE-2021-42013


What is it?
2 CVEs / 1 Vuln – It appears Apache struggled a bit with this latest critical vulnerability: it took two tries to fix a basic path traversal bug, which was introduced while patching last month’s SSRF mod_proxy vulnerability. As path traversal bugs do, this allows unauthorized users to access files outside the expected document root on the web server. But wait, there’s more! This can lead to remote code execution provided mod_cgi is enabled …
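The reason one bug needed two CVEs is that the 2.4.49 path normalization checked for `..` before percent-encoded bytes were fully decoded, and the 2.4.50 fix still missed double-encoded forms. As an added example (not code from the original post or from Apache), here is a defensive check that decodes to a fixed point first and only then confirms the resolved path stays under a constructed document root `/var/www/html`:

```python
"""Defensive path-traversal check illustrating the Apache 2.4.49/2.4.50 lesson.

Constructed example (not Apache's code): percent-decode until the path stops
changing, then normalise and confirm the result is still under the document
root. Looking for ".." before decoding is complete is the class of mistake
that took two CVEs to close.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

DOCROOT = "/var/www/html"  # constructed document root for the example


def full_decode(path: str, max_rounds: int = 5) -> str:
    """Percent-decode repeatedly so a doubly encoded byte (%%32%65 -> %2e -> .)
    cannot slip past a single-pass check. Stops at a fixed point."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    raise ValueError("percent-decoding did not converge")


def resolve(request_path: str, docroot: str = DOCROOT) -> Optional[str]:
    """Map a request path to a filesystem path, or return None when it would
    escape docroot or carries an embedded NUL byte."""
    decoded = full_decode(request_path)
    if "\x00" in decoded:
        return None
    # Normalise only after decoding so every spelling of ".." collapses alike.
    joined = posixpath.normpath(posixpath.join(docroot, decoded.lstrip("/")))
    if posixpath.commonpath([docroot, joined]) != docroot:
        return None
    return joined


def classify(request_path: str) -> str:
    """Label a request 'allow' or 'traversal' for access-log review."""
    return "allow" if resolve(request_path) is not None else "traversal"


if __name__ == "__main__":
    # Constructed request paths, including encoded spellings of "..".
    for p in ["/index.html", "/img/../css/site.css",
              "/.%2e/.%2e/outside.txt", "/%%32%65%%32%65/outside.txt"]:
        print(f"{p:32} {classify(p)}")
```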
