CVE-2021-41773

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2021-41773 is a significant software vulnerability identified in Apache HTTP Server 2.4.49, which pertains to an issue of path traversal. This flaw in the software's design or implementation allows an attacker to access sensitive information or execute arbitrary code on the server by exploiting the path traversal vulnerability. The vulnerability was identified and registered within the National Vulnerability Database (NVD), where it can be found under its designated CVE number for further details. This vulnerability was exploited through attempts at path traversal, as indicated by the ET EXPLOIT Apache HTTP Server 2.4.49 – Path Traversal Attempt (CVE-2021-41773) M1 alert. Path traversal attacks involve manipulating variables that reference file locations within a program. In this case, attackers could potentially gain unauthorized access to files and directories that are stored outside the web root folder. In response to the detection of this vulnerability, updates and patches were issued to mitigate the risk associated with the flaw. It is crucial for organizations using Apache HTTP Server 2.4.49 to apply these updates promptly to protect their systems from potential breaches. Additionally, it's worth noting that this vulnerability is related to another identified flaw, CVE-2021-42013, which also affects the Apache HTTP Server and should be addressed simultaneously.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Traversal
Apache
Malware
CISA
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Androxgh0stUnspecified
3
Androxgh0st is a prominent threat actor posing significant cybersecurity risks. This entity, which could be an individual, a private company, or part of a government agency, has been involved in the execution of malicious actions with harmful intent. The threat actor deploys Androxgh0st, a Trojan af
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2021-42013Unspecified
1
None
Source Document References
Information about the CVE-2021-41773 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CISA
a year ago
Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors | CISA
SANS ISC
a year ago
InfoSec Handlers Diary Blog - SANS Internet Storm Center
InfoSecurity-magazine
5 months ago
US Government Urges Action to Mitigate Androxgh0st Malware Threat
CSO Online
a year ago
Fileless attacks surge as cybercriminals evade cloud security defenses
CERT-EU
5 months ago
FBI: Androxgh0st Malware Building Mega-Botnet for Credential Theft
CISA
a year ago
Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors | CISA
CERT-EU
a year ago
IDS Comparisons with DShield Honeypot Data, (Thu, Jul 6th) – Cyber Safe NV
CERT-EU
5 months ago
Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials
CERT-EU
5 months ago
CISA and FBI Reveal Known Androxgh0st Malware IoCs and TTPs
DARKReading
5 months ago
CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack
CERT-EU
a year ago
A Mere Five Percent of Vulnerable Enterprises Fix Their Issues Every Month: How to Help Them Do Better? | Bitsight
CISA
5 months ago
Known Indicators of Compromise Associated with Androxgh0st Malware | CISA
CISA
5 months ago
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware | CISA
CERT-EU
5 months ago
FBI: Beware of cloud-credential thieves building botnets
CISA
10 months ago
2022 Top Routinely Exploited Vulnerabilities | CISA
CERT-EU
5 months ago
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware
CERT-EU
5 months ago
Cyber Security Week in Review: January 19, 2024
CERT-EU
5 months ago
Hackers Building AndroxGh0st Botnet to Target AWS, O365, Feds Warn
DARKReading
a year ago
Rezilion Research Discovers Hidden Vulnerabilities in Hundreds of Docker Container Images
Securityaffairs
5 months ago
FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation