LATEST CYBER SECURITY NEWS AND VIEWS

Home > News > Apache Webserver Directory Traversal Vulnerability (CVE-2021-41773)

Latest news

Apache Webserver Directory Traversal Vulnerability (CVE-2021-41773)

Posted on

CVE-2021-41773 Apache Web 0day 

A new apache 0day vulnerability has just been announced that affects Apache version 2.4.49. “A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root.” Further information can be found here.

This would allow an attacker to retrieve sensitive files on the server, such as configuration files that contain credentials for example. Furthermore, researchers have found a way to leverage this into remote code execution – allowing an unauthenticated attacker to run commands on the affected server

The CVE is currently being exploited in the wild by malicious actors – as such we recommend all our clients to update to Apache HTTP Server 2.4.50 immediately if you are running the affected version (2.4.49).

FILTER RESULTS

Latest tweets

A great conference @BSidesLondon, thanks for having us at #BSidesLDN2024! Looking forward to continuing the relationship next year!

Prism Infosec is proud to be a gold sponsor of @BSidesLondon 2024! Come and visit us on our stand and join in our cyber scavenger hunt! #CyberSecurity #bsides

Sign up to our newsletter

  • Fields marked with an * are mandatory

  • This field is for validation purposes and should be left unchanged.