Apache HTTP Server Path Traversal Vulnerability
Attackers still targeting Apache Path Traversal vulnerability in high volumes
Apache web servers running the older, vulnerable versions 2.4.49 and 2.4.50 are still deployed on various cloud platforms. According to Shodan, 6000+ web servers could still be vulnerable to a path traversal attack that can eventually lead to remote code execution.
Common Vulnerabilities and Exposures
Background
The Apache HTTP Server Project released a security advisory about a year ago on a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 and 2.4.50, tracked as CVE-2021-41773 and CVE-2021-42013.
Threat Radar Overall Score: 4.8
CVSS Rating | 9.0
FortiRecon Score | 92/100
Known Exploited | Yes
Exploit Prediction Score | 97.46%
FortiGuard Telemetry | 59347
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
October 7, 2021: Apache released update 2.4.51 which fixes both CVE-2021-41773 and CVE-2021-42013.
September 12, 2022: According to FortiGuard research, CVE-2021-42013 and CVE-2021-41773 are still seeing high volumes of attack attempts worldwide, with an average of 40,000 device detections. It is strongly advised to update vulnerable Apache servers as soon as possible if they have not already been updated.
June 8, 2022: Latest Apache HTTP Server version 2.4.54 released.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
Vulnerability: Detects systems vulnerable to the Apache Path Traversal Vulnerability, and auto-patches when possible. (CVE-2021-42013, CVE-2021-41773)
IPS: Blocks attack attempts related to Apache Path Traversal (CVE-2021-42013, CVE-2021-41773)
Web App Security: Blocks attack attempts related to Apache Path Traversal (CVE-2021-42013, CVE-2021-41773)
Outbreak Detection
Threat Hunting
Content Update
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
Automated Response: Services that can automatically respond to this outbreak.
NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
End-User Training: Raise security awareness among your employees, who are continuously being targeted by phishing, drive-by downloads and other forms of cyberattack.
Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.