Return to forum
Apache 2.4.51
by - Thursday, January 1, 1970 at 12:00 AM
Hit & Hit again
GOD
Posts: 1270
Threads: 0
Joined: N/A
Reputation: 479

Donator IDonator IIActiveVIP GifterVIP GifterVIP GifterVIP Gifter
#1
September 21, 2022 at 7:42 AM
Hello, 
NetSparker considered out-of-date version Apache [Apache 2.4.51] a critical risk vulnerability.
does anyone here know how to exploit server with that apache version ? i just found this
by tenable https://www.tenable.com/plugins/was/113079
I'm willing to pay with MM


also on changelog
*) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
Credits: 漂亮é¼
TengMA(@Te3t123)
TG https://t.me/Valhalla0X0

Reply
Advanced User
Advanced
Posts: 90
Threads: 0
Joined: N/A
Reputation: 6

#2
September 21, 2022 at 7:53 PM
Are these issues resolved in the apache 2.4.54 version?
Reply
Internet
MVP
Posts: 929
Threads: 0
Joined: N/A
Reputation: 446

#3
September 21, 2022 at 8:59 PM
try those auxiliary/scanner form metasploit
Beneath this mask there is more than flesh. Beneath this mask there is an idea, and ideas are bulletproof.
Telegram

Reply
Hit & Hit again
GOD
Posts: 1270
Threads: 0
Joined: N/A
Reputation: 479

Donator IDonator IIActiveVIP GifterVIP GifterVIP GifterVIP Gifter
#4
September 22, 2022 at 9:09 AM
thanks guys
TG https://t.me/Valhalla0X0

Reply
Member
Member
Posts: 13
Threads: 0
Joined: N/A
Reputation: 0

#5
September 23, 2022 at 5:51 AM
i will update
Reply


 Users viewing this thread: Apache 2.4.51: No users currently viewing.