Issued: Thursday, 7 October, 2021 |
Last Revision: Thursday, 7 October, 2021 |
Vendor: |
Product: |
Severity Level: |
A path traversal and file disclosure vulnerability is found in Apache HTTP Server version 2.4.49. Reported vulnerability is exploited in wild and tracked as CVE-2021-41773.
This vulnerability was introduced due to change made in path normalization in version 2.4.49.
An attacker could exploit this weakness to gain access to arbitrary files outside of the document root, as well as leak the source code of interpreted files like CGI scripts that may contain sensitive information.
CVE | Description | CVSS3.0 Score |
CVE-2021-41773 | Path traversal and file disclosure vulnerability | N/A |
Table 1: Vulnerability details
Vulnerability / CVE | Affected Product(s) | Affected Version |
CVE-2021-41773 | Apache HTTP Server | 2.4.49 |
Table 2: Vulnerability Versions
As per Apache HTTP Server Project, upgrade to version 2.4.50 will fix the issue.