Multiple Vulnerabilities in Apache HTTP server

By 8 October 2021 October 19th, 2021 CERT, SOC, Vulnerability

This blog contains information regarding multiple critical vulnerabilities in Apache HTTP server. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update October 8, 2021

11.00 | Earlier this week, we informed you about new vulnerabilities in Apache HTTP server. At the time, we advised updating Apache HTTP server systems to the latest version (then 2.4.50). Yesterday evening, Apache advised that the patches did not fully resolve one of the vulnerabilities present (CVE-2021-41773). A new vulnerability was registered as CVE-2021-42013. Therefore, systems running version 2.4.50 are still vulnerable to a path traversal attack.

We advise updating Apache systems running version 2.4.49 or 2.4.50 to the latest version: 2.4.51.
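To find out which of these versions a host runs, the script below maps an Apache version banner to the status given in this post. It is an added example, not code from Apache or from this blog; the function names and output wording are assumptions, and the sample banners are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): map an Apache httpd version banner to
# the status this advisory gives for 2.4.49, 2.4.50 and 2.4.51.
# Function names and output wording are assumptions made for this example.

# Extract "x.y.z" from text such as "Server version: Apache/2.4.49 (Unix)".
apache_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Print the advisory status for a bare version string.
apache_advisory_status() {
    case "$1" in
        2.4.49) echo "VULNERABLE 2.4.49: CVE-2021-41524, CVE-2021-41773; update to 2.4.51" ;;
        2.4.50) echo "VULNERABLE 2.4.50: CVE-2021-42013; update to 2.4.51" ;;
        2.4.51) echo "OK 2.4.51: version the advisory recommends" ;;
        "")     echo "UNKNOWN: no Apache version found in input" ;;
        *)      echo "NOT LISTED $1: not named in this advisory" ;;
    esac
}

# Classify a full banner (output of "httpd -v" or an HTTP Server header).
check_banner() {
    apache_advisory_status "$(apache_version_from_banner "$1")"
}

# Check the httpd installed on this host, trying the common binary names.
check_local_apache() {
    for bin in httpd apache2 apachectl; do
        if command -v "$bin" >/dev/null 2>&1; then
            check_banner "$("$bin" -v 2>/dev/null)"
            return 0
        fi
    done
    echo "UNKNOWN: no httpd, apache2 or apachectl binary on PATH"
}

# Constructed sample banners, so the script runs without Apache installed.
for banner in \
    "Server version: Apache/2.4.49 (Unix)" \
    "Server: Apache/2.4.50 (Debian)" \
    "Server version: Apache/2.4.51 (Unix)" \
    "Server: nginx/1.21.3"
do
    printf '%s -> %s\n' "$banner" "$(check_banner "$banner")"
done
```

On a server, call `check_local_apache` rather than relying on the HTTP `Server` header, which reports `UNKNOWN` when `ServerTokens` hides the version number.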

Update October 6, 2021

14:00 | Apache Software Foundation has published information regarding two vulnerabilities in Apache HTTP server. One critical vulnerability has been actively exploited in the wild. Updates have been made available to resolve these vulnerabilities.

Apache has published an overview of the vulnerabilities on their website.

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Potential risk

The vulnerability CVE-2021-41524 allows a remote attacker to perform a denial-of-service attack.

CVE-2021-41773 enables an attacker to map directories and files outside of the expected document root by launching a path traversal attack.

This vulnerability is known to be exploited in the wild.

Detail info

The vulnerabilities are present in Apache web server version 2.4.49.

Apache has published updates to resolve these vulnerabilities. Install these updates as soon as possible.

Background

More information about this vulnerability:

Sources:
https://nvd.nist.gov/vuln/detail/CVE-2021-41773
https://httpd.apache.org/security/vulnerabilities_24.html
