Apache HTTP Server Zero-day Vulnerability Exploited in the Wild, Users Should Patch ASAP

Apache HTTP Server users have been advised to patch as soon as possible, as a zero-day bug in the open-source cross-platform web server is being actively exploited in the wild. At this time, it seems that over 100,000 servers have been vulnerable to attacks.

A few days after the HTTP Server developers were notified about the flaw, the Apache Software Foundation released version 2.4.50 to address it.

Cybersecurity specialist Ash Daulton was the one who found and reported the flaw to Apache HTTP Server on September 29, 2021.

The vulnerability exploited in the wild is tracked as CVE-2021-41773 and, according to researchers, is a path traversal and file disclosure flaw in the previous version (2.4.49). 

What Is Apache HTTP Server?

The Apache HTTP Server is free and open-source cross-platform web server software, developed and maintained by an open community of developers under the guidance of the Apache Software Foundation.

Most of the open-source HTTP Server instances run on a Linux distribution, but current versions also run on Windows, OpenVMS, and a wide variety of Unix-like systems.

An attacker could use a path traversal to map URLs to files outside the expected document root.
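A defender's check for the behaviour described above, as an added example that is not from the original article or from Apache: it scans access-log lines for request paths that, once percent-decoded, climb above the document root. The log lines, addresses and paths are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Request line and status code from Apache's common/combined log format.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def escapes_root(target, max_rounds=3):
    """True if the request path, once decoded, climbs above the document root."""
    path = target.split("?", 1)[0].split("#", 1)[0]   # ignore query and fragment
    for _ in range(max_rounds):                       # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    depth = 0                                         # directory depth below the root
    for segment in path.replace("\\", "/").split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:                             # stepped above the root
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

def find_traversal(lines):
    """Return (request target, HTTP status) for every log line that escapes the root."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and escapes_root(m["target"]):
            hits.append((m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Oct/2021:10:01:02 +0000] "GET /images/logo.png HTTP/1.1" 200 5120',
    '192.0.2.10 - - [05/Oct/2021:10:01:05 +0000] "GET /docs/../index.html HTTP/1.1" 200 812',
    '198.51.100.7 - - [05/Oct/2021:10:02:11 +0000] "GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1543',
    '198.51.100.7 - - [05/Oct/2021:10:02:12 +0000] "GET /static/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 196',
]

if __name__ == "__main__":
    for target, status in find_traversal(SAMPLE_LOG):
        print(f"traversal attempt: {target} -> HTTP {status}")
```

A flagged request that was answered with a 200 status is the one to triage first, since the server returned content for it.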

Read More: https://heimdalsecurity.com/blog/apache-http-server-zero-day-vulnerability-exploited-in-the-wild-users-should-patch-asap/