Request a Demo
A Partnership to offer Advance Managed Security Services in Pakistan
October 6, 2021
Rewterz
Rewterz Threat Advisory – Multiple VMware vCenter Vulnerabilities
October 6, 2021

Rewterz Threat Advisory – CVE-2021-41616 – Apache Vulnerability Zero-Day Actively Exploited In The Wild

Severity

High

Analysis Summary

The Apache vulnerability, which has been assigned the CVE-2021-41773, is the consequence of a flaw in the Apache HTTP server 2.4.49’s path normalization logic, which resulted in a vulnerability. The flaw was exploited in the wild before being reported to the Apache organization, making it a zero-day vulnerability. Despite the fact that the problem only affects web servers using Apache “httpd” v2.4.49 and not previous versions, Search results reveal that there are approximately 112,000 Apache servers running that version around the world. 

CVE-2021-41773 

Apache HTTP Server could allow a remote attacker to traverse directories on the system, caused by a flaw was found in a change made to path normalization. An attacker could send a specially-crafted URL request to map URLs to files outside the expected document root.

Impact

  • Unauthorized Access

Affected Vendors

Apache

Affected Products

  • Apache HTTP Server 2.4.49

Remediation

Upgrade to the latest version of Apache HTTP Server, available from the Apache Web site.

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41773