CVE-2021-36701

9.1 CRITICAL

📋 TL;DR

CVE-2021-36701 is an arbitrary file deletion vulnerability in htmly version 2.8.1. The backup deletion function unlinks a file path taken from the request without restricting it to the backup directory, so a remote attacker who knows or can guess the path of a file on the host can delete it. Every installation running the vulnerable version is affected; internet-facing installations are the most exposed because the request needs no prior access to the host.

💻 Affected Systems

Products:
  • htmly
Versions: 2.8.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The CVE is recorded against 2.8.1 only, with the fix in 2.8.2. Earlier releases have not been confirmed either way, so treat any installation older than 2.8.2 as suspect until you have checked its backup deletion code.

📦 What is this software?

htmly is a lightweight, database-less blogging platform written in PHP. Posts, settings and backups live as plain files under the installation directory, and the site is administered through a web admin panel, which is where the vulnerable backup deletion function lives.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Deletion of any file the web server account can unlink, inside or outside the htmly tree: site content, the htmly configuration, .htaccess rules, or other application data on the same host. The result is permanent data loss and a site that no longer loads. Because the primitive is deletion only, it does not by itself give the attacker code execution or read access; it is a destructive, not an exfiltration, vulnerability.

🟠

Likely Case

Deletion of htmly content, configuration or backup files, taking the site offline and destroying data that may exist nowhere else.

🟢

If Mitigated

Limited impact if the web server account has no write permission on the directories holding application code and configuration, so the most it can unlink is the content and backup files it legitimately manages, and those are backed up somewhere it cannot write.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The flaw is in the backup file deletion function: the path it unlinks is attacker-controlled. Exploitation needs no special tooling, only the path of a target file, and because htmly's directory layout is public the paths of its own configuration and content files are predictable. Files outside the installation are reachable too if the PHP process may write to their parent directory.
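The following is an added illustration of the bug class and its fix, written in Python for this page; it is not htmly's code, and the function names, the backup/ and config/ layout and the .zip naming are assumptions made for the example. The unsafe variant joins the request-supplied name onto the backup directory and unlinks it, which is exactly what lets "../config/config.ini" escape; the safe variant insists on a bare file name with the expected extension, refuses symlinks, and checks that the resolved parent really is the backup directory.

```python
"""Model of the bug class behind CVE-2021-36701 beside its fix, in Python.
This is an added illustration, not htmly's code: the function names and the
backup/ and config/ layout are assumptions made for the example."""
import os
import tempfile


def delete_backup_unsafe(backup_dir: str, name: str) -> str:
    """Vulnerable pattern: the request-supplied name is joined onto the backup
    directory and unlinked with no check that the result is still inside it,
    so "../config/config.ini" walks out and deletes the configuration."""
    target = os.path.join(backup_dir, name)
    os.remove(target)
    return target


def delete_backup_safe(backup_dir: str, name: str) -> str:
    """Hardened pattern: accept only a bare file name with the expected
    extension, refuse symlinks, and confirm the resolved parent is the backup
    directory itself."""
    base = os.path.realpath(backup_dir)
    if name in ("", ".", "..") or name != os.path.basename(name):
        raise ValueError(f"not a bare file name: {name!r}")
    if not name.endswith(".zip"):
        raise ValueError(f"not a backup archive: {name!r}")
    target = os.path.join(base, name)
    if os.path.islink(target) or os.path.dirname(os.path.realpath(target)) != base:
        raise ValueError(f"refusing to delete outside the backup dir: {name!r}")
    if not os.path.isfile(target):
        raise FileNotFoundError(name)
    os.remove(target)
    return target


def make_site() -> str:
    """Constructed sample layout: <root>/backup/site.zip, <root>/config/config.ini
    and a planted symlink backup/evil.zip -> ../config/config.ini."""
    root = tempfile.mkdtemp(prefix="htmly-demo-")
    os.mkdir(os.path.join(root, "backup"))
    os.mkdir(os.path.join(root, "config"))
    for rel in ("backup/site.zip", "config/config.ini"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("x")
    os.symlink("../config/config.ini", os.path.join(root, "backup", "evil.zip"))
    return root


def demo() -> dict:
    """Feed the same hostile inputs to both variants and report what survived."""
    root = make_site()
    backup = os.path.join(root, "backup")
    config = os.path.join(root, "config", "config.ini")
    traversal = "../config/config.ini"
    results = {}
    for key, bad_name in (("safe_rejected", traversal), ("symlink_rejected", "evil.zip")):
        try:
            delete_backup_safe(backup, bad_name)
            results[key] = False
        except ValueError:
            results[key] = True
    results["config_after_safe"] = os.path.exists(config)
    delete_backup_safe(backup, "site.zip")
    results["legit_deleted"] = not os.path.exists(os.path.join(backup, "site.zip"))
    delete_backup_unsafe(backup, traversal)
    results["config_after_unsafe"] = os.path.exists(config)
    return results


if __name__ == "__main__":
    print(demo())
```

The basename check alone is not enough in PHP or Python: a symlink dropped into the backup directory (by another bug, or a hosting neighbour) would pass it, which is why the hardened version also refuses links and compares the realpath of the target's parent with the realpath of the backup directory.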

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.2 or later

Vendor Advisory: https://github.com/danpros/htmly/issues/481

Restart Required: Yes (restart PHP-FPM or the web server after replacing the files so the opcode cache does not keep serving the old code)

Instructions:

1. Back up your htmly installation and data.
2. Download htmly version 2.8.2 or later from the official repository.
3. Replace the application files with the updated version, keeping your own configuration and content directories.
4. Restart PHP-FPM or the web server so the patched code is what gets served.

🔧 Temporary Workarounds

Block the backup deletion route

all

There is no documented setting that turns the backup feature off, so the practical equivalent is to deny the backup routes (and ideally the whole /admin path) at the web server until you can patch.

# Apache 2.4 example (vhost or .htaccess). Assumes the route sits under /admin/backup,
# as recorded in the detection section of this page; adjust to the path your install uses.
# <LocationMatch "^/admin/backup">
#     Require ip 203.0.113.0/24
# </LocationMatch>

Restrict file permissions

linux

Deleting a file needs write and search permission on its parent directory, not on the file itself, so chmod 644 on the files does nothing here, and chown www-data on the whole tree makes every file deletable. Instead keep application code and configuration owned by root and not writable by the PHP user, and give www-data write access only to the directories it must manage (content, cache and backup in a default layout; adjust to yours). Settings changes through the admin panel will fail until write access to the config directory is restored.

chown -R root:www-data /path/to/htmly
find /path/to/htmly -type d -exec chmod 755 {} +
find /path/to/htmly -type f -exec chmod 644 {} +
chown -R www-data:www-data /path/to/htmly/content /path/to/htmly/cache /path/to/htmly/backup
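Because deletability is a property of the parent directory, it is easy to misjudge by eye. The following added audit script (not from the page or from htmly) walks a tree and lists what a given account could unlink, computed from stat() mode bits rather than os.access so it can be run as root or any other user; uid and gid 33 for www-data are the Debian convention and an assumption here.

```python
"""Audit which files a given Unix account could unlink. Added example, not
from the page or htmly. Deletion is governed by the parent directory's
permission bits (write + search) and its sticky bit, not by the file's own
mode, so the check is computed from stat() and works when run as any user.
uid/gid 33 for www-data is the Debian convention and an assumption here."""
import os
import stat
import tempfile


def can_unlink(path: str, uid: int, gids: set) -> bool:
    """True if a process with this uid and group set could unlink `path`.
    Mirrors the Unix rule: use the owner bits if uid owns the parent dir,
    else the group bits if a gid matches, else the other bits."""
    if uid == 0:
        return True
    parent = os.path.dirname(os.path.abspath(path))
    d = os.stat(parent)
    f = os.lstat(path)
    if d.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif d.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if d.st_mode & need != need:
        return False
    # Sticky directory (as on /tmp): only the file's or the directory's owner may unlink.
    if d.st_mode & stat.S_ISVTX and uid not in (f.st_uid, d.st_uid):
        return False
    return True


def audit_tree(root: str, uid: int, gids: set) -> list:
    """Relative paths under `root` that the account could delete, sorted."""
    deletable = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if can_unlink(full, uid, gids):
                deletable.append(os.path.relpath(full, root))
    return sorted(deletable)


def demo() -> list:
    """Constructed layout: a code dir at 755 (not deletable by www-data), a
    world-writable content dir (deletable), and a sticky world-writable dir
    (not deletable, since www-data owns neither the file nor the directory)."""
    root = tempfile.mkdtemp(prefix="htmly-perm-")
    layout = {"system": 0o755, "content": 0o777, "cache": 0o1777}
    for sub, mode in layout.items():
        os.mkdir(os.path.join(root, sub))
        with open(os.path.join(root, sub, "file.txt"), "w") as fh:
            fh.write("x")
        os.chmod(os.path.join(root, sub), mode)
    return audit_tree(root, uid=33, gids={33})


if __name__ == "__main__":
    for rel in demo():
        print("deletable by www-data:", rel)
```

Run audit_tree against the real installation directory after applying the permission changes above; anything it lists outside content, cache and backup is still exposed to this vulnerability.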

🧯 If You Can't Patch

  • Restrict the /admin path at the web server to trusted source addresses or a VPN, or put HTTP basic authentication in front of it; the vulnerable route is reached through the admin interface
  • Add a WAF rule that blocks requests to the backup routes whose parameters contain "..", an absolute path, or their URL-encoded forms, and keep copies of the content and configuration directories somewhere the web server account cannot write

🔍 How to Verify

Check if Vulnerable:

Check the htmly version shown in the admin panel or recorded in the application files. Exactly 2.8.1 is the version recorded against this CVE.

Check Version:

Check htmly admin panel or examine version.txt in installation directory

Verify Fix Applied:

Confirm the version reports 2.8.2 or later. Then, on a staging copy only, create a throwaway file outside the backup directory and try to delete it through the backup deletion function using a traversal path such as ../throwaway.txt: a fixed version refuses and the file remains. Never run this against production.

📡 Detection & Monitoring

Log Indicators:

  • Requests to the backup deletion route whose file parameter contains "..", an absolute path, or encoded forms of them (%2e%2e, %2f, %5c)
  • Bursts of such requests, each naming a different path, which is what an attacker guessing file locations looks like
  • Requests to the backup routes from clients that never loaded the admin login page

Network Indicators:

  • HTTP requests to the backup deletion route carrying file path parameters, especially from addresses with no prior admin session
  • Scanner-style traffic (command-line user agents, rapid sequential requests) against the htmly administration interface

SIEM Query:

source="web_server" AND (uri="/admin/backup/delete" OR uri CONTAINS "backup") AND (uri CONTAINS ".." OR uri CONTAINS "%2e%2e" OR uri CONTAINS "%2f" OR uri CONTAINS "%5c")

Match on the traversal pattern in the request rather than on the status code: alerting on every request that mentions backup is too noisy to act on, and a successful deletion may be answered with a redirect rather than 200, so filtering on status loses true positives.
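The same logic as a script you can run over exported access logs, added here as an example and not taken from the page or from htmly. The log lines are constructed, and the /admin/backup/delete route comes from the SIEM query above rather than from a check of htmly's source, so change route_prefix if your install differs. It decodes parameters twice to catch double encoding and deliberately ignores the status code.

```python
"""Detection over web server access logs for traversal-style backup deletion
requests. Added example, not from the page; the log lines below are
constructed, and the /admin/backup/delete route is taken from the SIEM query
on this page rather than verified against htmly's source."""
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Apache/nginx "combined" format: client, timestamp, request line, status, size, referer, UA.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines: one legitimate deletion, three traversal attempts, one unrelated hit.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jul/2021:08:01:11 +0000] "GET /admin/backup/delete?file=backup-2021-07-10.zip HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jul/2021:08:02:30 +0000] "GET /admin/backup/delete?file=../config/config.ini HTTP/1.1" 302 0 "-" "curl/7.68.0"
203.0.113.9 - - [10/Jul/2021:08:02:31 +0000] "GET /admin/backup/delete?file=..%2F..%2Fcontent%2F.htaccess HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.9 - - [10/Jul/2021:08:02:33 +0000] "GET /admin/backup/delete?file=%2e%2e%2f.htaccess HTTP/1.1" 200 512 "-" "curl/7.68.0"
198.51.100.7 - - [10/Jul/2021:08:03:00 +0000] "GET /blog/hello-world HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""


def is_traversal(value: str) -> bool:
    """Decode twice (covers %252e double encoding) and look for path escapes."""
    decoded = unquote(unquote(value))
    return ".." in decoded or decoded.startswith("/") or "\\" in decoded or "\x00" in decoded


def flag_backup_deletions(log_text: str, route_prefix: str = "/admin/backup") -> list:
    """Return (ip, uri, status) for requests under the backup route whose query
    parameters carry a path escape. Status is not filtered: a 302 after a
    successful unlink is as interesting as a 200."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["uri"])
        if not parts.path.startswith(route_prefix):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        if any(is_traversal(v) for vals in params.values() for v in vals):
            hits.append((m["ip"], m["uri"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for hit in flag_backup_deletions(SAMPLE_LOG):
        print("suspicious:", hit)
```

On the sample above it flags the three requests from 203.0.113.9 and leaves the legitimate backup-2021-07-10.zip deletion alone. For a live investigation, pivot on the flagged client addresses and pull every request they made to the admin interface, since the deletions they managed will be the ones whose target paths no longer exist on disk.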
