The Apache Software program Basis has launched a safety patch to handle a vulnerability in its HTTP Internet Server challenge that has been actively exploited within the wild. From a report: Tracked as CVE-2021-41773, the vulnerability impacts solely Apache internet servers working model 2.4.49 and happens due to a bug in how the Apache server converts between totally different URL path schemes (a course of known as path or URI normalization). “An attacker may use a path traversal assault to map URLs to information outdoors the anticipated doc root,” the ASF crew mentioned within the Apache HTTP Server 2.4.50 changelog. “If information outdoors of the doc root will not be protected by ‘require all denied’ these requests can succeed. Moreover this flaw may leak the supply of interpreted information like CGI scripts,” Apache engineers added. Greater than 120,000 servers at the moment uncovered on-line to assaults.