Technical Advisory – CVE-2021-41773
Apache HTTP Server versions 2.4.49 and 2.4.50 are affected by a path traversal vulnerability and, in certain configurations, a remote code execution vulnerability.
Based upon server header information, at least 110,000 servers are currently exposed (as of 8th Oct 2021).
US CERT noted that “CISA is also seeing ongoing scanning of vulnerable systems, which is expected to accelerate, likely leading to exploitation. CISA urges organizations to patch immediately if they haven’t already—this cannot wait until after the holiday weekend.”
Fix
Upgrade to Apache HTTP Server version 2.4.51
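An added triage example, not part of the original advisory: it classifies `Server` response headers from an inventory against the two impacted versions named above. The hostnames and header values are constructed sample data, and the function names are illustrative.

```python
import re

# Versions this advisory lists as impacted.
AFFECTED = {(2, 4, 49), (2, 4, 50)}

# Apache product token, e.g. "Apache/2.4.49 (Unix) OpenSSL/1.1.1l".
# Version parts are optional because ServerTokens can shorten or hide them.
BANNER = re.compile(
    r"^Apache(?:/(\d+)(?:\.(\d+))?(?:\.(\d+))?)?(?=\s|$)", re.IGNORECASE
)


def classify(server_header):
    """Return 'affected', 'not-listed', 'unknown' or 'not-apache'."""
    m = BANNER.match(server_header.strip())
    if m is None:
        return "not-apache"  # e.g. nginx, or Apache-Coyote (Tomcat)
    if None in m.groups():
        # "Apache", "Apache/2" or "Apache/2.4": the header cannot rule
        # the host in or out, so it must not be treated as safe.
        return "unknown"
    version = tuple(int(part) for part in m.groups())
    return "affected" if version in AFFECTED else "not-listed"


def triage(inventory):
    """Group (host, Server header) pairs by classification."""
    result = {}
    for host, header in inventory:
        result.setdefault(classify(header), []).append(host)
    return result


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    ("web1.example.com", "Apache/2.4.49 (Unix) OpenSSL/1.1.1l"),
    ("web2.example.com", "Apache/2.4.50 (Unix)"),
    ("web3.example.com", "Apache/2.4.51 (Unix)"),
    ("web4.example.com", "Apache"),
    ("app1.example.com", "Apache-Coyote/1.1"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

A hidden or partial version is reported as unknown rather than safe; confirm the installed version on the host itself with `httpd -v`.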
Links
https://httpd.apache.org/security/vulnerabilities_24.html