This is yet another case of an HTTPd component infection, arriving after a series of similar incidents reported across the industry that affected open-source components and cloud computing services. With ransomware attacks picking up again and 2021 recording dangerous software vulnerabilities, security teams and developers are under considerable pressure to avoid writing insecure code.

Technical Details Surrounding The Linux AMI Security Flaws


CVE-2021-40438

CVE-2021-41773

A critical-risk path traversal vulnerability. It exists due to an input validation error when processing directory traversal sequences and allows a remote attacker to perform directory traversal attacks: by sending a specially crafted HTTP request, the attacker can map URLs to files outside the expected document root. If files outside of the document root are not protected by “require all denied”, these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. The vulnerability can be used to execute arbitrary OS commands on the system.
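The access rule mentioned above can be checked mechanically. The following is an added example, not code from the original article, Apache or Amazon: a small Python audit that reports when the filesystem root is not set to "Require all denied" or when a directory outside DocumentRoot is granted to all. The sample configuration, the path /opt/backup and the helper name audit are constructed for illustration, and the parser assumes a flat configuration with plain <Directory> paths and no Include resolution.

```python
import posixpath
import re

# Constructed sample configuration (not from a real host).
TEMPLATE = """
DocumentRoot "/var/www/html"
<Directory />
    Require all {root}
</Directory>
<Directory "/var/www/html">
    Require all granted
</Directory>
<Directory "/opt/backup">
    Require all {other}
</Directory>
"""
WEAK_CONF = TEMPLATE.format(root="granted", other="granted")
HARDENED_CONF = TEMPLATE.format(root="denied", other="denied")

OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.I)
CLOSE = re.compile(r'</Directory\s*>', re.I)
REQUIRE = re.compile(r'Require\s+all\s+(granted|denied)\b', re.I)
DOCROOT = re.compile(r'DocumentRoot\s+"?([^"\s]+)"?', re.I)


def audit(conf_text):
    """Hypothetical helper: list rules that expose paths outside DocumentRoot."""
    docroot, current, rules = None, None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if m := DOCROOT.match(line):
            docroot = posixpath.normpath(m.group(1))
        elif m := OPEN.match(line):
            current = posixpath.normpath(m.group(1))
        elif CLOSE.match(line):
            current = None
        elif current is not None and (m := REQUIRE.match(line)):
            rules[current] = m.group(1).lower()   # simplification: last rule in a block wins
    findings = []
    if rules.get("/") != "denied":                # missing block counts as not denied
        findings.append("filesystem root '/' is not 'Require all denied'")
    for path, rule in rules.items():
        inside = docroot is not None and (path + "/").startswith(docroot.rstrip("/") + "/")
        if rule == "granted" and path != "/" and not inside:
            findings.append(f"{path} is outside DocumentRoot but granted to all")
    return findings
```

Calling audit(WEAK_CONF) returns two findings, while audit(HARDENED_CONF) returns an empty list.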

CVE-2021-42013

Safety Recommendations For Users
