LATEST CYBER SECURITY NEWS AND VIEWS

Home > News > Apache Webserver Directory Traversal Vulnerability (CVE-2021-41773)

Latest news

Apache Webserver Directory Traversal Vulnerability (CVE-2021-41773)

Posted on

CVE-2021-41773 Apache Web 0day 

A new apache 0day vulnerability has just been announced that affects Apache version 2.4.49. “A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root.” Further information can be found here.

This would allow an attacker to retrieve sensitive files on the server, such as configuration files that contain credentials for example. Furthermore, researchers have found a way to leverage this into remote code execution – allowing an unauthenticated attacker to run commands on the affected server

The CVE is currently being exploited in the wild by malicious actors – as such we recommend all our clients to update to Apache HTTP Server 2.4.50 immediately if you are running the affected version (2.4.49).

FILTER RESULTS

Latest tweets

Phil Robinson, Principal Consultant at @prisminfosec, details how addressing cyber maturity can improve a business’ cybersecurity strategy.
#CyberMaturity #Cybersecurity

Click the link below to discover more⬇️

Congratulations to the following companies who are now certified to #CyberEssentials via our great Certification Bodies: Atlantic Limited via @prisminfosec and Ashbrook Research & Consultancy Ltd via @sericsystems

Sign up to our newsletter

  • Fields marked with an * are mandatory

  • This field is for validation purposes and should be left unchanged.