Security information about Apache HTTP Serve

Posted at Friday, October 08, 2021

There is another path traversal vulnerability in Apache HTTP Server 2.4.50 that was discovered in 2.4.49.
It seems that an attack that exploits this vulnerability has already been confirmed.
This vulnerability may allow files outside the document root to be ingested.
If you are using 2.4.49 or 2.4.50, please update to 2.4.51.

Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project
(https://httpd.apache.org/security/vulnerabilities_24.html)

Alert regarding Apache HTTP Server path traversal vulnerability (CVE-2021-41773)
(https://www.jpcert.or.jp/at/2021/at210043.html)