CVE STALKER

CVE-2021-43557

CVSS
DESCRIPTION: The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "^/internal/", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer's custom plugin.
HEAT SCORE: 210

TWEETS

DATE | TWEET | USER
2021-12-01 20:40:09 | #exploit CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable https://t.co/aSXhZ7D0jR ]-> PoC: https://t.co/sHBvdbjttl https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable https://github.com/xvnpw/k8s-CVE-2021-43557-poc | ksg93rd
2021-12-01 14:12:09 | CVE-2021-43557: An interesting Path Traversal vulnerability in an API Gateway (Apache APISIX). The flaw was found by Marcin Niemiec, who… https://t.co/ACQcn8KXwe https://twitter.com/i/web/status/1466044697323921422 | Sekurak
2021-11-30 08:20:36 | CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable https://t.co/bcDkf9dylk #Pentesting #CVE #CyberSecurity #Infosec https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable/ | Anastasis_King
2021-11-28 10:00:04 | CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable - xvnpw personal blog https://t.co/QgOkLPE6sy https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable/ | Securityblog
2021-11-26 17:33:46 | New post from https://t.co/9KYxtdZjkl (CVE-2021-43557 (apisix)) has been published on https://t.co/p2efOc335n http://www.sesin.at https://www.sesin.at/2021/11/26/cve-2021-43557-apisix/ | www_sesin_at
2021-11-26 17:32:57 | New post from https://t.co/uXvPWJy6tj (CVE-2021-43557 (apisix)) has been published on https://t.co/GPLCT4CDta http://www.sesin.at https://www.sesin.at/2021/11/26/cve-2021-43557-apisix/ | WolfgangSesin
2021-11-26 16:03:38 | CVE-2021-43557 - https://t.co/OA0o2Ajehi #Uncategorized #cybersecurity https://www.redpacketsecurity.com/cve-2021-43557/ | RedPacketSec
2021-11-26 15:52:18 | 🚨 NEW: CVE-2021-43557 🚨 The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification.… https://t.co/4E57pBLnSU https://twitter.com/i/web/status/1464260044673986565 | threatintelctr
2021-11-26 08:01:12 | #bugbountytips #bugbounty CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable 1. Exploitation 2… https://t.co/9a2hFRKCyy https://twitter.com/i/web/status/1464140539394027520 | cycatz2
2021-11-25 21:00:07 | CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable https://t.co/SCe3AhyZRH #Pentesting #CVE… https://t.co/q4l6bswHqk https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable/ https://twitter.com/i/web/status/1463974319369895946 | ptracesecurity
2021-11-25 20:40:05 | Today I publish my research on Kong and F5 NGINX ingresses regarding CVE-2021-43557. What is interesting all @nginx… https://t.co/jYV5Sn1oLE https://twitter.com/i/web/status/1463970191356874759 | xvnpw
2021-11-25 07:50:15 | CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable Article: https://t.co/pWe9MS14xF #poc:… https://t.co/4FK8qMgn3g https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable/ https://twitter.com/i/web/status/1463776574680014849 | MaKyOtOx
2021-11-25 04:59:01 | Next article in series of research regarding CVE-2021-43557. This time checking Emissary: https://t.co/Vpzo8ah0YQ https://xvnpw.github.io/posts/path_traversal_in_authorization_context_in_emissary/ | xvnpw
2021-11-24 11:40:07 | CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable https://t.co/UXgB3MUVOz https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable/ | HermCardona
2021-11-24 02:50:55 | CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable: Posted by Zexuan Luo on Nov 22Severity: mode… https://t.co/JLS25RybpR https://twitter.com/i/web/status/1463334068234321921 | oss_security
2021-11-24 02:50:35 | Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable: Posted by Marcin Niemiec on Nov 22Hi, Lo… https://t.co/MVXV2QslZo https://twitter.com/i/web/status/1463334073770803210 | oss_security
2021-11-24 02:50:16 | Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable: Posted by Zhiyuan Ju on Nov 23Hi, Thanks… https://t.co/ZsHBPWiUcc https://twitter.com/i/web/status/1463334079332446214 | oss_security
2021-11-23 09:00:21 | CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable 🔗https://t.co/6rPomdYqRF #cybersecurity… https://t.co/BOPzipexxq https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable/ https://twitter.com/i/web/status/1463069243541540866 | aufzayed
2021-11-23 08:17:15 | CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable #/bin/bash kubectl exec -it -n ingress-apis… https://t.co/QCyoFM69Cw https://twitter.com/i/web/status/1463056769396183044 | 0x0021h
2021-11-23 08:13:55 | CVE-2021-43557 The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $req… https://t.co/bE7pwur0GF https://twitter.com/i/web/status/1463057189145395202 | threatmeter
2021-11-23 07:51:52 | CVE-2021-43557 Apache APISIX Path traversal in request_uri variable https://t.co/KOune3t93N | chybeta
2021-11-22 21:00:30 | My first CVE is here :) CVE-2021-43557. If interested, read my blog post about it: https://t.co/UdkMDTty6w Thanks t… https://t.co/HMwN1wAKHE https://xvnpw.github.io/posts/cve_2021_43557_apache_apisix_path_traversal_in_request_uri_variable/ https://twitter.com/i/web/status/1462885231959199757 | xvnpw
2021-11-22 14:00:11 | CVE-2021-43557 shall henceforth be named Misguided Ant https://t.co/OAHLcFFb02 https://nvd.nist.gov/vuln/detail/CVE-2021-43557 | vulnonym
2021-11-22 12:00:22 | New post from https://t.co/9KYxtdZjkl (CVE-2021-43557) has been published on https://t.co/Rqf3REqI96 http://www.sesin.at https://www.sesin.at/2021/11/22/cve-2021-43557/ | www_sesin_at
2021-11-22 12:00:20 | New post from https://t.co/uXvPWJy6tj (CVE-2021-43557) has been published on https://t.co/twtXIcMTQQ http://www.sesin.at https://www.sesin.at/2021/11/22/cve-2021-43557/ | WolfgangSesin
2021-11-22 11:50:07 | CVE-2021-43557 The uri-block plugin in Apache APISIX before 2.10.2 uses ... https://t.co/2GQjlv6miH Don't wait v… https://t.co/yrvwPgnncb http://vulmon.com/vulnerabilitydetails?qid=CVE-2021-43557 https://twitter.com/i/web/status/1462747819824062468 | VulmonFeeds
2021-11-22 09:50:11 | CVE-2021-43557 The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $req… https://t.co/o7QhaakmzS https://twitter.com/i/web/status/1462718804627267588 | CVEnew
2021-11-22 08:30:03 | CVE-2021-43557 : The uri-block plugin in #Apache APISIX before 2.10.2 uses $request_uri without verification. The $… https://t.co/EWRz2gJYef https://twitter.com/i/web/status/1462699785648066565 | CVEreport