
Technical Advisory – CVE-2021-41773

Apache HTTP Server versions 2.4.49 and 2.4.50 are affected by a path traversal vulnerability and, in certain configurations, a remote code execution vulnerability.

Based upon server header information, at least 110,000 servers are currently exposed (as of 8th Oct 2021).

US CERT noted that “CISA is also seeing ongoing scanning of vulnerable systems, which is expected to accelerate, likely leading to exploitation. CISA urges organizations to patch immediately if they haven’t already—this cannot wait until after the holiday weekend.”

Fix

Upgrade to Apache HTTP Server version 2.4.51
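
To work out which of your own hosts need this upgrade, the same Server header information can be triaged against the versions named above. This is an added example, not part of the original advisory; the host names, status labels and sample headers are constructed, and it assumes you have already collected Server header values for your own estate.

```python
import re
from collections import defaultdict

AFFECTED = {(2, 4, 49), (2, 4, 50)}  # versions the advisory lists as impacted
FIXED = (2, 4, 51)                   # upgrade target named in the advisory

# "Apache" optionally followed by /x.y.z; the lookarounds keep "Apache-Coyote"
# (Tomcat) and similar product names from being mistaken for httpd.
BANNER = re.compile(r"(?<![\w-])Apache(?:/(\d+)\.(\d+)\.(\d+))?(?![\w-])")

def classify(server_header):
    """Map one Server header value to a triage status."""
    match = BANNER.search(server_header or "")
    if match is None:
        return "not-apache-httpd"
    if match.group(1) is None:
        # ServerTokens Prod/Major/Minor hide the patch level: check on the host.
        return "version-hidden"
    version = tuple(int(part) for part in match.groups())
    if version in AFFECTED:
        return "affected"
    return "fixed-or-later" if version >= FIXED else "other-version"

def triage(inventory):
    """Group (host, Server header) pairs by status."""
    report = defaultdict(list)
    for host, header in inventory:
        report[classify(header)].append(host)
    return dict(report)

# Constructed sample inventory (hypothetical hosts, not real scan data).
SAMPLE = [
    ("web01.example.internal", "Apache/2.4.49 (Unix)"),
    ("web02.example.internal", "Apache/2.4.50 (Debian) OpenSSL/1.1.1k"),
    ("web03.example.internal", "Apache/2.4.51 (Unix)"),
    ("web04.example.internal", "Apache"),
    ("web05.example.internal", "Apache/2.4.48 (Ubuntu)"),
    ("app01.example.internal", "Apache-Coyote/1.1"),
    ("cdn01.example.internal", "nginx/1.20.1"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

A Server header can be hidden or altered, so treat "version-hidden" hosts as unverified and confirm the installed version on the host itself (for example with `httpd -v`).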

Links

https://us-cert.cisa.gov/ncas/current-activity/2021/10/07/apache-releases-http-server-version-2451-address-vulnerabilities

https://httpd.apache.org/security/vulnerabilities_24.html

 

 
© 2021 Clarus Security