Jump to content

HTTP/Exploit.CVE-2021-41773 on a Apache Tomcat server


Go to solution Solved by Nevermind,

Recommended Posts

Hello,

 

Just a quick (global) question:

 

We have a webserver containing an instance of Apache Tomcat version 9 (not fully up-to-dat).

The server also has ESET Server Security version 9 on it.

Once in a while ESET Server Security detects an attempt to exploit HTTP/Exploit.CVE-2021-41773 on the Tomcat.exe process.

The exploit is bound to a vulnerability in Apache HTTPD instead of Tomcat.

 

Would that be an attempt of the attacker to try if the webserver accidentally has a vulnerable httpd version on it, what is triggering ESET to detect the exploit attempt? Could it be a  FP, because Tomcat.exe is not vulnerable to this exploit, or could something else be the reason ESS is triggered?

 

Thanks!

Link to comment
Share on other sites

  • Solution

Hey Markwd,

thats a network detection only (ie its neither a file nor memory detection). The way I see it someone tries whether your server is vulnerable to this exploit. If you have logging enabled you can check if there are any requests similar to this:
hxxp://<your_server>/cgi-bin/.%2e/%2e%2e/%2e%2e....

(src: https://github.com/thehackersbrain/CVE-2021-41773/blob/main/exploit.py)

ESET doesnt check whether you are actually running a vulnerable software or not. It sees an exploit attempt -> it displays a detection window.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...