I never understood how Ubuntu manages Apache versions, so the question: is Ubuntu 20.04.03 LTS vulnerable to the CVE-2021-41773 (a path traversal attack to map URLs to files outside the expected document root)? More info on the vulnerability:
Asked
Active
Viewed 2,502 times
1
-
5Does this answer your question? [How can I tell if a CVE has been fixed in Ubuntu's repositories?](https://askubuntu.com/questions/563408/how-can-i-tell-if-a-cve-has-been-fixed-in-ubuntus-repositories) – Bruni Oct 06 '21 at 07:47
-
@Bruni, no it does not. If I search https://ubuntu.com/security/cve?q=CVE-2021-41773 it returns 0 results. Also, as I understand, the vulnerability exists only in Apache 2.4.49, but not in 2.4.50 or 2.4.48, but Ubuntu 20.04.3 LTS shows Apache/2.4.41 no matter how many updates it has installed. So it may be vulnerable if they have merged changes from the v2.4.49. Or am I wrong? – Maris B. Oct 06 '21 at 08:08
-
only security patches from later versions are patched (if any). – Bruni Oct 06 '21 at 08:26
-
5@MarisB. It's second in the list in https://ubuntu.com/security/cve?q=&package=apache2 and all releases are marked as "Not vulnerable" – muru Oct 06 '21 at 08:38
1 Answers
6
Ubuntu 20.04 is reported to be not vulnerable:
https://ubuntu.com/security/cve-2021-41773
This is also true for 20.04.03
Bruni
- 10,180
- 7
- 55
- 97