LATEST CYBER SECURITY NEWS AND VIEWS

Home > News > Apache Webserver Directory Traversal Vulnerability (CVE-2021-41773)

Latest news

Apache Webserver Directory Traversal Vulnerability (CVE-2021-41773)

Posted on

CVE-2021-41773 Apache Web 0day 

A new apache 0day vulnerability has just been announced that affects Apache version 2.4.49. “A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root.” Further information can be found here.

This would allow an attacker to retrieve sensitive files on the server, such as configuration files that contain credentials for example. Furthermore, researchers have found a way to leverage this into remote code execution – allowing an unauthenticated attacker to run commands on the affected server

The CVE is currently being exploited in the wild by malicious actors – as such we recommend all our clients to update to Apache HTTP Server 2.4.50 immediately if you are running the affected version (2.4.49).

FILTER RESULTS

Latest tweets

Data #leakage is just one of numerous risks associated with #GenAI necessitating the use of an #AI #risk framework, as Phil Robinson explains via  @governance_and. #cybersecurity

We interview Phil Robinson, Principal Security Consultant and Founder at @prisminfosec, who shares his views on ethical hackers and the latest ransomware trends.

Sign up to our newsletter

  • Fields marked with an * are mandatory

  • This field is for validation purposes and should be left unchanged.