
Apache Web Server vulnerability affects servers in Greece! [Technical analysis]

A technical analysis of the security vulnerability in the Apache Web Server shows how easily data was exposed worldwide, with many of the affected servers located in Greece.

Security researcher Dimitris Roussis analyzes how a vulnerability in the well-known Apache Web Server, identified as CVE-2021-41773 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773), currently exposes data on thousands of servers worldwide. Through a directory traversal attack, the vulnerability allows reading all the files on the server where the Web Server is installed.


In his analysis, the researcher first takes a sample of 300 servers from the Shodan search engine that have Apache Web Server version 2.4.49 installed.

An automated script then checks on which of these servers the vulnerability is actually present.

The end result of the script is a file (vulnerable_servers.txt) that lists the vulnerable servers.

Then, by executing the following simple curl command, changing the IP and the path at the end, we can access any file we want on the server.

Examples include:

Apache vulnerability

It is worth noting that among the affected servers are many from Greece, as evidenced by the Shodan search engine.

Apache Web Server Greece: screenshot by Shodan

The above study shows, on the one hand, that a single vulnerability can lead to the disclosure of data on a large scale worldwide and, on the other hand, the need for System Administrators to apply software updates immediately.

Apache Zero-day vulnerability

Proof-of-Concept (PoC) exploits for the zero-day vulnerability in the Apache web server have recently surfaced on the internet, revealing that the vulnerability is far more critical than initially disclosed.

These exploits show that the scope of the vulnerability extends beyond path traversal, allowing attackers to achieve remote code execution (RCE).

Apache remains one of the most popular web servers, with over 25% market share.

From the so-called "path traversal" to remote code execution

The path traversal vulnerability in the Apache HTTP server was actively exploited by attackers before the Apache project was notified of the flaw in September or had the opportunity to fix it.

The recent disclosure of the Apache web server path traversal flaw, identified as CVE-2021-41773, was followed by PoC exploits that quickly appeared on the internet.

But as PoC exploits were developed collaboratively, another discovery came to light.

Attackers can abuse Apache servers running version 2.4.49 not only to read arbitrary files but also to execute arbitrary code on the servers.

Note that the Apache Software Foundation immediately released the HTTP Web Server 2.4.51 update, after researchers discovered that a previous security update did not properly fix an exploited vulnerability.
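For the update step the article calls for, an administrator can triage their own server inventory against the two versions it names (2.4.49 and 2.4.51). This is an added example, not the researcher's script; the `host<TAB>banner` inventory format, the function names and the sample hosts are assumptions constructed for illustration.

```python
import re

# Versions named in the article: 2.4.49 is affected by CVE-2021-41773 and
# 2.4.51 is the update released after an earlier fix proved incomplete.
AFFECTED = (2, 4, 49)
FIXED = (2, 4, 51)

# Product token of a Server header, e.g. "Apache/2.4.49 (Unix)". Anchored so
# that other products such as "Apache-Coyote/1.1" are not mistaken for httpd.
BANNER_RE = re.compile(r"^Apache(?:/([\d.]+))?(?:\s|$)")

def triage(banner):
    """Classify one Server banner against the versions the article names."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "not-apache-httpd"
    parts = (m.group(1) or "").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return "unknown"      # version hidden or truncated: check the package
    version = tuple(int(p) for p in parts)
    if version == AFFECTED:
        return "affected"     # the 2.4.49 release: update now
    if version >= FIXED:
        return "updated"
    if version > AFFECTED:
        return "update"       # above 2.4.49 but below the 2.4.51 update
    return "older"            # predates 2.4.49, the release named as affected

def triage_inventory(lines):
    """Map 'host<TAB>banner' lines to {host: status}; skip blanks and comments."""
    result = {}
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, _, banner = line.rstrip("\n").partition("\t")
        result[host.strip()] = triage(banner)
    return result

# Constructed inventory (documentation-range addresses, not real hosts).
SAMPLE = [
    "# host\tServer header",
    "192.0.2.10\tApache/2.4.49 (Unix)",
    "192.0.2.11\tApache/2.4.51 (Debian)",
    "192.0.2.12\tApache",
    "192.0.2.13\tApache-Coyote/1.1",
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(host, status)
```

A banner is only a hint, since it can be hidden or rewritten; confirm any "unknown" or "updated" result against the installed package version.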

* Dimitris Roussis is a member of the Information Systems Security Laboratory of the University of the Aegean.
