October 6, 2021
Severity
High
Analysis Summary
The Apache vulnerability, assigned CVE-2021-41773, is the consequence of a flaw in the path normalization logic of Apache HTTP Server 2.4.49. The flaw was exploited in the wild before being reported to the Apache organization, making it a zero-day vulnerability. Although the problem only affects web servers running Apache “httpd” v2.4.49 and not previous versions, search results reveal that approximately 112,000 Apache servers around the world are running that version.
CVE-2021-41773
Apache HTTP Server could allow a remote attacker to traverse directories on the system, caused by a flaw in a change made to path normalization. An attacker could send a specially crafted URL request to map URLs to files outside the expected document root.
Impact
- Unauthorized Access
Affected Vendors
Apache
Affected Products
- Apache HTTP Server 2.4.49
Remediation
Upgrade to the latest version of Apache HTTP Server, available from the Apache Web site.
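To prioritize the upgrade, the following added example (not part of the original advisory) triages an inventory of Apache version banners and flags hosts reporting the affected 2.4.49 release. The hostnames, banner strings and status labels are constructed for illustration; the banners are assumed to come from a `Server` response header or from `httpd -v` output.

```python
import re

# Version this advisory lists as affected (taken from the page).
AFFECTED = (2, 4, 49)

# Matches "Apache/2.4.49" in a Server header or in `httpd -v` output.
# Capturing whole numbers keeps "2.4.490" from matching as "2.4.49".
_BANNER = re.compile(r"\bApache/(\d+)\.(\d+)\.(\d+)\b")


def classify(banner):
    """Return 'affected', 'unknown', 'not-listed' or 'not-apache'."""
    if "apache" not in banner.lower():
        return "not-apache"
    m = _BANNER.search(banner)
    if m is None:
        # Version hidden from the banner: must be checked on the host.
        return "unknown"
    version = tuple(int(p) for p in m.groups())
    # 'not-listed' only means this advisory does not name the version.
    return "affected" if version == AFFECTED else "not-listed"


def triage(inventory):
    """Return (host, status) pairs, hosts needing action first."""
    order = {"affected": 0, "unknown": 1, "not-listed": 2, "not-apache": 3}
    result = {host: classify(banner) for host, banner in inventory.items()}
    return sorted(result.items(), key=lambda kv: (order[kv[1]], kv[0]))


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "web01.example.internal": "Server: Apache/2.4.49 (Unix)",
    "web02.example.internal": "Server version: Apache/2.4.48 (Debian)",
    "web03.example.internal": "Server: Apache",
    "web04.example.internal": "Server: nginx/1.20.1",
    "web05.example.internal": "Server: Apache/2.4.490 (Unix)",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{status:11} {host}")
```

Hosts reported as `unknown` hide their version in the banner and need a local check before they can be ruled out.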