PRIVATE_FEEDS/CVE_VULN_FEED/CVE-2021-41524-apache_httpd/alert_text.md

Date: 2021-10-05

A flaw was found in Apache HTTP Server where an attacker could use a path traversal attack to map URLs to files outside the expected document root.

If files outside of the document root are not protected by "require all denied" these requests can succeed.

This issue is known to be exploited in the wild.

This issue only affects Apache 2.4.49 and not earlier versions.

CVE : CVE-2021-41773 Vendor : Apache Product : HTTPD

Patches : available Exploits : private exploits

we found various IPs in your ORG/ASN, matching criteria for possible vulnerable systems

False-Positive-Level: unlikely

please find a list of affected IPs below and more information on that problem here:

References:

• https://httpd.apache.org/security/vulnerabilities_24.html