Apache Fixes Exploited Zero-Day Vulnerability in HTTP Server 

8
Apache Fixes Exploited Zero-Day Vulnerability in HTTP Server

The Apache HTTP Server Project’s developers are advising users to deploy a fix as soon as possible to avoid zero-day vulnerability.

A validation bypass bug, a denial-of-service issue, NULL pointer dereference, and a severe Server-Side Request Forgery (SSRF) vulnerability were all fixed with the release of Apache HTTP Server version 2.4.49.

The update, however, inadvertently introduced a distinct, serious flaw: a path traversal vulnerability that can be used to map and leak files.

The security flaw – CVE-2021-41773 – was identified by Ash Daulton of the cPanel security team in a change made to path normalization in the server software.

To Read More: ZDnet

For more such updates follow us on Google News ITsecuritywire News.