MGASA-2021-0470

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0470.html

Import Source

https://advisories.mageia.org/MGASA-2021-0470.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0470

Related

CVE-2021-42013

Published

2021-10-08T19:12:12Z

Modified

2021-10-08T18:46:15Z

Summary

Updated apache packages fix security vulnerability

Details

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution (CVE-2021-42013).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / apache

Package

Name: apache
Purl: pkg:rpm/mageia/apache?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.51-1.mga8

Ecosystem specific

{
    "section": "core"
}