Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Oct 2021 23:44:15 +0200
From: Solar Designer <>
Subject: Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

On Fri, Oct 08, 2021 at 11:27:37PM +0200, Yann Ylavic wrote:
> For completeness I'll add this tweet/blog from Stefan (OP) about the
> vulnerability and the fixes in httpd:

Thanks, but you just did that again...  For completeness, let's have the
actual content on the list, not only links to content.

That tweet above refers to "Apache httpd 2.4.50 post mortem" at:

I'm attaching the file above to this message.

This way, historians will be able to make full sense of the thread in
here even after Twitter and GitHub are gone. ;-)


View attachment "" of type "text/plain" (12917 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.