😶 APACHE HTTP SERVER 2.4.49
Path traversal and file disclosure vulnerability
- A flaw was found in a change made to path normalization
- Version affected ⇒ 2.4.49 only
- More than 120,000 servers are exposed to attack.
Shodan Search
- If files outside of the document root are not protected by "require all denied", these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts.
- Patch available ⇒ 2.4.50
REQUIRED CONFIGURATION
🙄 The bug becomes remote command / code execution under the vulnerable condition when certain Apache modules are enabled (mod_cgi).
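A defender-side check for the conditions listed above, as an added example that is not part of the original notes: it audits an httpd configuration for the affected version, a filesystem root `<Directory />` block missing "Require all denied", and a loaded CGI module. The two sample configs and the function names are constructed for illustration, and the check covers only the root `<Directory />` block, not every directory outside the document root.

```python
import re

# Constructed sample configs (not from the original page).
WEAK_CONF = """
LoadModule cgi_module modules/mod_cgi.so
<Directory />
    AllowOverride none
    Require all granted
</Directory>
"""

HARDENED_CONF = """
#LoadModule cgi_module modules/mod_cgi.so
<Directory />
    AllowOverride none
    Require all denied
</Directory>
"""

def strip_comments(conf):
    """Drop blank lines and '#' comment lines, as httpd does."""
    lines = (ln.strip() for ln in conf.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def audit(conf, version):
    """Return a list of findings for the conditions described in the notes."""
    findings = []
    lines = strip_comments(conf)
    if version == "2.4.49":
        findings.append("version 2.4.49 is affected; upgrade to 2.4.50")
    # Track whether the block for the filesystem root denies all access.
    in_root, root_denied = False, False
    for ln in lines:
        if re.fullmatch(r'<Directory\s+"?/"?\s*>', ln, re.I):
            in_root = True
        elif in_root and re.fullmatch(r"</Directory>", ln, re.I):
            in_root = False
        elif in_root and re.fullmatch(r"Require\s+all\s+denied", ln, re.I):
            root_denied = True
    if not root_denied:
        findings.append('filesystem root is not protected by "Require all denied"')
    # mod_cgi (or its threaded variant mod_cgid) raises the impact to command execution.
    if any(re.match(r"LoadModule\s+cgid?_module\b", ln, re.I) for ln in lines):
        findings.append("CGI module loaded: impact includes command execution")
    return findings
```

Calling `audit(WEAK_CONF, "2.4.49")` returns all three findings, while `audit(HARDENED_CONF, "2.4.50")` returns an empty list.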
PATCH
PAYLOADS
LAB SETUPS 👇