Apache has published updates to address two security flaws that were exploited by hackers. The first flaw was discovered in Apache HTTP Server 2.4.49 after a modification was made to path normalization. CVE-2021-41773 has been assigned to it, and it can be exploited to map URLs to files outside of directories. It could also expose the source of interpreted files, such as CGI scripts, allowing RCE.
Users should apply patches for a file disclosure and path traversal weakness in Apache’s HTTP server, as well as a null pointer dereference in HTTP/2 fuzzing, as soon as possible. While the first weakness can be used to do RCE, the second flaw can be used to launch DoS assaults on the server.
To Read More: Cyware
For more such updates follow us on Google News ITsecuritywire News
