Apache HTTP Server CVE-2021-41773 Path Traversal Vulnerability
Description
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. Also, an attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.
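An added example (not part of this advisory and not Apache code) of log triage for the traversal described above: it percent-decodes each requested path, resolves dot segments, and flags requests that climb above the URL root or hide a `..` segment behind encoding. The log lines, addresses, file names and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a Combined Log Format line: "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges, placeholder file name).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [08/Oct/2021:10:00:02 +0000] "GET /docs/../index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [08/Oct/2021:10:00:03 +0000] "GET /icons/%2e%2e/%2e%2e/placeholder.txt HTTP/1.1" 200 1024',
    '198.51.100.7 - - [08/Oct/2021:10:00:04 +0000] "GET /icons/%252e%252e/%252e%252e/placeholder.txt HTTP/1.1" 403 199',
]

def fully_decode(text, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def escapes_root(target):
    """True if the decoded path climbs above the URL root via '..' segments."""
    depth = 0
    for segment in fully_decode(target.split("?", 1)[0]).split("/"):
        if segment in ("", "."):
            continue
        depth += -1 if segment == ".." else 1
        if depth < 0:
            return True
    return False

def has_encoded_dot_segment(target):
    """True if a '..' segment is hidden behind percent-encoding in the raw URL."""
    segments = target.split("?", 1)[0].split("/")
    return any(s != ".." and fully_decode(s) == ".." for s in segments)

def scan(lines):
    """Return (target, status, encoded) for every request worth reviewing."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        target, encoded = match["target"], has_encoded_dot_segment(match["target"])
        if encoded or escapes_root(target):
            findings.append((target, int(match["status"]), encoded))
    return findings
```

A flagged request that was answered with status 200 deserves review first, since the server returned content for it.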
Outbreak Alert
Apache web servers running the older, vulnerable versions 2.4.49 and 2.4.50 are still deployed on various cloud platforms. According to Shodan, 6000+ web servers could still be vulnerable to a path traversal attack, which can eventually lead to remote code execution.
Affected Applications
Apache HTTP Server
Version Updates
Date | Version | Detail |
---|---|---|
2021-10-08 | 1.270 | Apache HTTP Server |