CVE-2021-45232 – Apache / APISIX – Missing authentication for critical function

January 6, 2022

CVE-2021-45232 is a missing authentication for critical function vulnerability impacting Apache APISIX versions 2.10.0 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.

Summary:

CVE-2021-45232 is a missing authentication for critical function vulnerability impacting Apache APISIX versions 2.10.0 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links(if available):

GitHub commit exploit –
https://github.com/wuppp/cve-2021-45232-exp

Known Counter Measures:

Apache addressed the vulnerability in APISIX version 2.10.1.

Links to patches(if available)

https://apisix.apache.org/downloads/

You may have missed

image

[QILIN] – Ransomware Victim: ebrso

November 5, 2024
image

[LYNX] – Ransomware Victim: Model Die & Mold

November 5, 2024
fbi

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

November 5, 2024
hackerone

HackerOne Bug Bounty Disclosure: overwrite-any-file-of-the-web-server-goedix

November 5, 2024
hackerone

HackerOne Bug Bounty Disclosure: open-redirect-via-redirect-to-parameter-in-tumblr-com-shivangmauryaa

November 5, 2024