Two days ago, The Apache Foundation disclosed that a path traversal and file disclosure flaw in Apache HTTP Server 2.4.49, tracked as CVE-2021-41773, is being actively exploited in the wild. Apache HTTP Server is an open-source web server for Unix and Windows and is among the most widely used web servers. The advisory does not indicate when exploitation of CVE-2021-41773 was detected, but the exploitation drove Apache's expedited release of a patch.
This is a threat because a bad actor could exploit this vulnerability to gain access to database credentials through the web server, leaking sensitive content such as source code, passwords, configuration files and other confidential information.
These issues impact only Apache HTTP Server 2.4.49, and a patch is now available. It is important that anyone running Apache HTTP Server 2.4.49 update immediately.
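To find out whether a host reports the affected release, the version banner can be checked against 2.4.49. The script below is an added example, not part of the Apache advisory; the function names are hypothetical and the sample banners are constructed.

```shell
#!/usr/bin/env bash
# Added example: classify Apache version banners against the one release
# this advisory names as affected. Function names are hypothetical.

AFFECTED_VERSION="2.4.49"   # taken from the advisory text above

# extract_apache_version BANNER -> prints X.Y.Z, or nothing if no version is shown
extract_apache_version() {
    printf '%s\n' "$1" \
        | sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' \
        | head -n 1
}

# classify_banner BANNER -> affected | not-affected | unknown
classify_banner() {
    local version
    version="$(extract_apache_version "$1")"
    if [ -z "$version" ]; then
        echo "unknown"          # banner hides the version; check the package instead
    elif [ "$version" = "$AFFECTED_VERSION" ]; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# check_local_apache: run the check against whichever Apache binary is installed
check_local_apache() {
    local bin
    for bin in httpd apache2 apachectl; do
        if command -v "$bin" >/dev/null 2>&1; then
            echo "$bin: $(classify_banner "$("$bin" -v 2>/dev/null)")"
        fi
    done
}

# Constructed sample banners (output of `httpd -v` and HTTP Server headers)
for banner in \
    "Server version: Apache/2.4.49 (Unix)" \
    "Server: Apache/2.4.48 (Ubuntu)" \
    "Server: Apache"
do
    printf '%-40s %s\n' "$banner" "$(classify_banner "$banner")"
done
check_local_apache
```

An `unknown` result means the banner does not expose a version, so the installed package version has to be checked directly.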
If you’re interested in learning more or are impacted by this vulnerability, our security experts are here to help. We’ve got your back!