Components Affected
✻ Apache HTTP Server Version 2.4.49
Overview
A critical vulnerability was found in the Apache HTTP Server 2.4.49V (CVE-2021-41773). This vulnerability will allow an attacker to perform a path traversal attack on the targeted system. Successful exploitation of this vulnerability allows an attacker to access and gather sensitive files on the affected server.
Description
The vulnerability enables attackers to use path traversal attacks to map URLs to files outside the expected document root. If the files outside of the document root are not protected with correct permissions these requests can succeed.
Impact
✻ Expose sensitive information
✻ Access to arbitrary files outside of the document root
Solution/ Workarounds
Administrators are advised to patch the affected Apache HTTP servers to the latest version 2.4.50.
Reference
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.