Friday, March 29, 2024

Apache HTTP Server 0-Day Bug Exploited in Wild – PoC Exploit Released

Apache released a security update with the fixes of the Critical Zero-day vulnerability in Apache HTTP Server 2.4.49 that was exploited in Wide. Users recommended updating the new version Fixed in Apache HTTP Server 2.4.50.

The Apache HTTP Server is a free and open-source cross-platform web server software, released under the terms of Apache License 2.0 With 25% Market share.

Researchers uncovered a Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 which is widely exploited.

The vulnerability (CVE-2021-41773) found in a change made to path normalization in Apache HTTP Server 2.4.49 allows an attacker to use a path traversal attack to map URLs to files outside the expected document root.

“If files outside of the document root are not protected by “require all denied” these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts.”Apache said .

Also fixed another vulnerability (CVE-2021-41524) in 2.4.49 While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing by attackers with the help of a specially crafted request that allows an external source to DoS the server.

Remote Code Execution Abilities (CVE-2021-41773)

PoC-Exploit has been released for this Path traversal and file disclosure vulnerability, in which researchers also found that the vulnerability is more critical than it was that allowing attackers to perform remote code execution (RCE).

There are 112,755 Apache Server 2.4.49 running hosts found vulnerable, also by taking advantage of this vulnerability, Attackers can abuse Apache servers running version 2.4.49 not only to read arbitrary files but also to execute arbitrary code on the servers.

Security researcher with the name of Hacker Fantastic in Twitter has released a POC-Exploit which can be used for this attack by upload a file via a path traversal exploit, and set execute permissions on the file that gives them an ability to execute an arbitrary code remotely.

He also pointed that “Exploiting CVE-2021-41773 to execute commands is incredibly easy once mod-cgi has been enabled”

Also, he stated that “There is no need to upload a file on Linux/UNIX type environments and mess with file permissions (although that would work too) – you can exploit this with a simple POST request and run full commands + arguments by passing commands as env vars to /bin/sh”

All the server administrators should ensure their Apache HTTP server environments are running patched versions 2.4.50 and above, also use the  Sigma rules to help detect an active exploit for the zero-day.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles