+44 (0) 1242 652100

Insights

Back to all posts

Apache Webserver Directory Traversal Vulnerability (CVE-2021-41773)

CVE-2021-41773 Apache Web 0day 

A new apache 0day vulnerability has just been announced that affects Apache version 2.4.49. “A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root.” Further information can be found here.

This would allow an attacker to retrieve sensitive files on the server, such as configuration files that contain credentials for example. Furthermore, researchers have found a way to leverage this into remote code execution – allowing an unauthenticated attacker to run commands on the affected server

The CVE is currently being exploited in the wild by malicious actors – as such we recommend all our clients to update to Apache HTTP Server 2.4.50 immediately if you are running the affected version (2.4.49).

About the author

Prism Social Icon
Prism Infosec
Prism Infosec’s innovative approach to the delivery of PCI projects and technical security testing was recognised with a PCI Award for Technical Excellence in January 2020. The award was presented for the delivery of a client project that was considered by the review panel to be an outstanding example of best practice.
Linkedin-in

Back to all posts

Insights

Browse more insights

Untitled design (6)
  • Blog Posts, Prism Infosec News
Introducing PRIMAL – The Prism Infosec Malware Analysis Lab
  • Blog Posts
Announcing Our Rebrand: A New Era of Cyber Resilience
Ransomware image
  • Blog Posts
UK Government Proposes Ban on Public Sector Ransomware Payments
Physical Breach Test
  • Blog Posts
Why bother with Physical Breach Tests?
How We Got Here
  • Blog Posts
How We Got Here: A Brief Reflection on Cybersecurity’s Foundations
IAB
  • Blog Posts
Initial Access Brokers – The Gateway to Ransomware and Supply Chain Attacks
ai_abuse
  • Blog Posts
Abuses of AI
IAB
  • Cyber security assessments
Initial Access Brokers – The Gateway to Ransomware and Supply Chain Attacks
Why not test in dev
  • Blog Posts
Why Not Test in Dev?
Back to all news
the-cyber-scheme
pci
Crest
cbest
CHECK Penetration Testing (Dark Logo)
Cyber Incident Exercising

Count On Us

Whether tackling a specific challenge or reviewing wider strategy, Prism Infosec brings the experience and practical support required to help organisations manage cyber security risk with confidence.

Speak to an expert
X-twitter Linkedin-in
Services
About us

© Prism Infosec Ltd 2025, a company registered in England and Wales #5985734. VAT Registration Number: GB 879 7957 24

Privacy Policy | Cookie Policy
Website by Shoga

Experiencing a security breach?
Contact the cyber security experts now

Prepare

Respond

Manage

About us
LuxisAI
Case studies
Sectors
Insights
Careers
Get in touch