The Apache HTTP Server Project’s developers are advising users to deploy a fix as soon as possible to avoid zero-day vulnerability.
A validation bypass bug, a denial-of-service issue, NULL pointer dereference, and a severe Server-Side Request Forgery (SSRF) vulnerability were all fixed with the release of Apache HTTP Server version 2.4.49.
The update, however, inadvertently introduced a distinct, serious flaw: a path traversal vulnerability that can be used to map and leak files.
The security flaw – CVE-2021-41773 – was identified by Ash Daulton of the cPanel security team in a change made to path normalization in the server software.
To Read More: ZDnet
For more such updates follow us on Google News ITsecuritywire News.