Users Advised To Patch Fixed Apache Zero-day Vulnerability

Share post:

The Apache Software Foundation has fixed two vulnerabilities, one of which has been actively exploited path traversal and file disclosure flaw in a recently released version 2.4.50 of the HTTP Web Server (an open source, cross-platform web server) and the second vulnerability, a zero pointer deference tracked as CVE-2021-41524.

The zero-day vulnerability in question, traced as CVE-2021-41773, allows attackers to map URL files outside the expected document root by launching a path traversal attack. The attack involves sending requests to access backend or sensitive server directories that are normally out of reach, causing interpreted files such as CGI scripts leak.

The second vulnerability, discovered while processing HTTP/2 requests three weeks ago, allows attackers to perform a DDoS attack on a server. Though it is not being actively exploited, it has also been infected in the current version 2.4.50, after it was discovered in late September.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways