Apache HTTP Server 2.4.49 Vulnerability

October 7, 2021 Katie McCullough, OneNeck CISO

Two days ago, The Apache Foundation disclosed a path traversal and file disclosure flaw in Apache HTTP Server 2.4.49 (an open-source web server for Unix and Windows that is among the most widely used web servers), tracked as CVE-2021-41773, as actively being exploited in the wild. The advisory does not indicate when exploitation of CVE-2021-41773 was detected, but the exploitation drove the expedited release of a patch by Apache.

This is a threat because a bad actor could exploit this vulnerability and gain access to database credentials through the web server, leading to leaked sensitive content, like source code, passwords, configuration files and other confidential information.

These issues only impact Apache HTTP Server 2.2.49, and a patch is now available. It is important that anyone running Apache HTTP Server 2.4.49 update immediately.

If you’re interested in learning more or are impacted by this vulnerability, our security experts are here to help. We’ve got your back!

 

 


Ransomware Preparedness Roundtable Offer

 

This post Apache HTTP Server 2.4.49 Vulnerability first appeared on OneNeck.

Previous Article
NOBELIUM is Targeting IT Service Providers. Here’s What You Need to Know.
NOBELIUM is Targeting IT Service Providers. Here’s What You Need to Know.

Today the Microsoft Threat Intelligence Center (MSTIC) released a statement regarding the threat actor, NOB...

Next Article
3 Reasons to Get Excited About Next-gen HCI
3 Reasons to Get Excited About Next-gen HCI

The uptake of hyperconverged infrastructure (HCI) over the last decade has been strong, for good reasons: t...