Apache HTTP server vulnerabilities
This blog contains information regarding multiple critical vulnerabilities in Apache HTTP server. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

T-Update
This blog contains information regarding multiple critical vulnerabilities in Apache HTTP server. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update Oktober 8, 2021
11.00 | Earlier this week, we informed you about new vulnerabilities in Apache HTTP server. At the time, we advised to update Apache HTTP server systems to the latest version (then 2.4.50). Yesterday evening, Apache advised that the patches did not fully resolve one of the vulnerabilities present (CVE-2021-41773). A new vulnerability was registered as CVE-2021-42013. Therefore, systems running version 2.4.50 are still vulnerable for a path traversal attack.
We advise to update Apache systems running version 2.4.49 or 2.4.50 with the latest version: 2.4.51.
Update Oktober 6, 2021
14:00 | Apache Software Foundation has published information regarding two vulnerabilities in Apache HTTP server. One critical vulnerability has been actively exploited in the wild. Updates have been made available to resolve these vulnerabilities.
Apache has published an overview of the vulnerabilities on their website.
Background
The vulnerabilities are present in Apache web server version 2.4.49. Apache has published updates to resolve these vulnerabilities. Install these updates as soon as possible.
Risk
The Vulnerability CVE-2021-41524 allows a remote attacker to perform a denial-of-service attack.
CVE-2021-41773 enables an attacker to map directories and files outside of the expected document root by launching a path traversal attack.
This vulnerability is known to be exploited in the wild.
Advice
Apache has published updates to resolve these vulnerabilities. Install these updates as soon as possible.
Sign up to receive T-Updates
Receive the latest vulnerabilities in your email every Wednesday
More than 1,000 organisations have already joined us.