This blog contains information regarding multiple critical vulnerabilities in Apache HTTP server. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update Oktober 8, 2021
11.00 | Earlier this week, we informed you about new vulnerabilities in Apache HTTP server. At the time, we advised to update Apache HTTP server systems to the latest version (then 2.4.50). Yesterday evening, Apache advised that the patches did not fully resolve one of the vulnerabilities present (CVE-2021-41773). A new vulnerability was registered as CVE-2021-42013. Therefore, systems running version 2.4.50 are still vulnerable for a path traversal attack.
We advise to update Apache systems running version 2.4.49 or 2.4.50 with the latest version: 2.4.51.
Update Oktober 6, 2021
14:00 | Apache Software Foundation has published information regarding two vulnerabilities in Apache HTTP server. One critical vulnerability has been actively exploited in the wild. Updates have been made available to resolve these vulnerabilities.
Apache has published an overview of the vulnerabilities on their website.
Reason and background of this blog
This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.
Potential risk
The Vulnerability CVE-2021-41524 allows a remote attacker to perform a denial-of-service attack.
CVE-2021-41773 enables an attacker to map directories and files outside of the expected document root by launching a path traversal attack.
This vulnerability is known to be exploited in the wild.
Detail info
The vulnerabilities are present in Apache web server version 2.4.49.
Apache has published updates to resolve these vulnerabilities. Install these updates as soon as possible.
Background
More information about this vulnerability:
Apache has published updates to resolve these vulnerabilities. Install these updates as soon as possible.
Sources:
https://nvd.nist.gov/vuln/detail/CVE-2021-41773
https://httpd.apache.org/security/vulnerabilities_24.html
Subscribe
Do you want to be informed in time? Sign up for our technical updates
Would you like to receive these critical vulnerabilities by e-mail from now on? Enter your e-mail address below.
Tesorion uses your personal data to send out requested information and possibly for contact by telephone and for marketing and sales purposes. You can change your preferences whenever you want. Read our privacy policy for more information.
