{"id":"MGASA-2021-0470","summary":"Updated apache packages fix security vulnerability","details":"It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was\ninsufficient. An attacker could use a path traversal attack to map URLs to files\noutside the directories configured by Alias-like directives. If files outside of\nthese directories are not protected by the usual default configuration \"require\nall denied\", these requests can succeed. If CGI scripts are also enabled for\nthese aliased pathes, this could allow for remote code execution\n(CVE-2021-42013).\n","modified":"2026-04-16T00:08:59.134230654Z","published":"2021-10-08T19:12:12Z","upstream":["CVE-2021-42013"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0470.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29536"},{"type":"WEB","url":"https://downloads.apache.org/httpd/Announcement2.4.html"},{"type":"WEB","url":"https://downloads.apache.org/httpd/CHANGES_2.4.51"},{"type":"WEB","url":"https://httpd.apache.org/security/vulnerabilities_24.html"}],"affected":[{"package":{"name":"apache","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/apache?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.51-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0470.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}