
Apache Fixes Actively Exploited Web Server Zero-day


The Apache Software Foundation has released a security patch to address a vulnerability in its HTTP Web Server project that has been actively exploited in the wild. From a report: Tracked as CVE-2021-41773, the vulnerability affects only Apache web servers running version 2.4.49 and occurs because of a bug in how the Apache server converts between different URL path schemes (a process called path or URI normalization). “An attacker could use a path traversal attack to map URLs to files outside the expected document root,” the ASF team said in the Apache HTTP Server 2.4.50 changelog. “If files outside of the document root are not protected by ‘require all denied’ these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts,” Apache engineers added. More than 120,000 servers are currently exposed online to attacks.
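As an added example (not from the report or the Apache project), this Python audit checks the two conditions the changelog describes: a server reporting the affected 2.4.49 release, and a filesystem root that is not covered by `Require all denied`. The function names, sample configurations and banner strings are constructed for illustration.

```python
import re

AFFECTED = "2.4.49"  # the only release the report names as affected

# Matches <Directory /> or <Directory "/path"> ... </Directory> (not DirectoryMatch).
DIRECTORY_RE = re.compile(
    r'<Directory\s+"?(?P<path>[^">]+?)"?\s*>(?P<body>.*?)</Directory>',
    re.IGNORECASE | re.DOTALL,
)

def root_is_denied(conf):
    """True if the <Directory /> block denies all access by default."""
    active = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    for block in DIRECTORY_RE.finditer(active):
        if block.group("path").strip() != "/":
            continue
        rules = {" ".join(r.lower().split())
                 for r in re.findall(r"^\s*Require\s+(.+?)\s*$",
                                     block.group("body"), re.I | re.M)}
        # Sibling Require lines are OR-ed, so a grant alongside the deny defeats it.
        return "all denied" in rules and "all granted" not in rules
    return False  # no root block at all: nothing protects files outside the docroot

def audit(conf, version_banner):
    """Return a list of findings for a config text and `httpd -v` style banner."""
    findings = []
    m = re.search(r"Apache/(\d+\.\d+\.\d+)", version_banner)
    if m and m.group(1) == AFFECTED:
        findings.append("running affected release 2.4.49; 2.4.50 carries the fix")
    if not root_is_denied(conf):
        findings.append("<Directory /> is not protected by 'Require all denied'")
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK_CONF = """
<Directory />
    Require all granted
</Directory>
"""
HARDENED_CONF = """
<Directory />
    Require all denied
</Directory>
<Directory "/var/www/html">
    Require all granted
</Directory>
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf, "Server version: Apache/2.4.49 (Unix)"))
```
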
