MAXIS / Apache 2.4.49 vulnerable to CVE-2021-41773

Kaizen reported 2021-10-20

Your server was found vulnerable to CVE-2021-41773.

Attackers can read any file from your server.

Under some circumstances attackers are able to execute code on your server.

Potentially fixed by KaizenSecurity outside LeakIX

IP: 202.75.151.82
Port: 443
Detected protocol: https
Found processes through Apache RCE:
<redacted>...
cat /proc/self/cmdline
Found by Apache2449TraversalPlugin 2021-10-18
Report created by Kaizen  2021-10-20
Report edited by Kaizen  2021-10-20
Report edited by BloodyShell  2021-10-22
BloodyShell commented 2021-10-22: approved shows in report

Really sorry we missed this one.

We've been contacted by Maxis directly.

In the future, please try to include a contact for the company itself, as it will speed up the moderation process!

Report comment dispatched to Kaizen by system 2021-10-22
Report edited by BloodyShell  2021-10-22
Report approved by BloodyShell  2021-10-22
New PDF report generated by system 2021-10-22
Report dispatched to ...@... by system 2021-10-22
Report marked as fixed by BloodyShell  2021-10-22
Report closed by BloodyShell  2021-10-22
New PDF report generated by system 2021-10-22
Report edited by BloodyShell  2021-10-23
New PDF report generated by system 2021-10-23
BloodyShell commented 2021-10-23: approved doesn't show in report

Done!

Report comment dispatched to Kaizen by system 2021-10-23
Information
Owner MAXIS
Created 2021-10-20 17:49
Updated 2021-10-23 17:21
Fixed true

Contacts
k...@gmail.com

Status
Status closed
Hosting contacted false
CERT contacted false