Intrusion PreventionApache.HTTP.Server.cgi-bin.Path.Traversal
Description
This indicates an attack attempt to exploit a Path Traversal Vulnerability in Apache HTTP Server.
The vulnerability is due to a path normalisation error in Apache HTTP Server. Successful exploitation can potentially lead to information disclosure.
Outbreak Alert
Apache webservers running an older and vulnerable version of Apache 2.4.49 and 2.4.50 are still deployed on various could platforms. According to Shodan, 6000+ webservers could still be vulnerable to a path traversal attack and can eventually lead to remote code execution.
View the full Outbreak Alert Report
View the full Outbreak Alert Report
View the full Outbreak Alert Report
FortiGuard Labs continue to observe widespread activity of Androxgh0st Malware in the wild exploiting multiple vulnerabilities, specifically targeting- the PHPUnit (CVE-2017-9841), Laravel Framework (CVE-2018-15133) and Apache Web Server (CVE-2021-41773) to spread and conduct information gathering attacks on the target networks
Affected Products
Apache HTTP Server 2.4.49, 2.4.50
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://httpd.apache.org/security/vulnerabilities_24.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-10 | 25.619 | Sig Added |
| 2021-11-18 | 18.199 | Sig Added |
| 2021-11-08 | 18.192 | Default_action:pass:drop |
| 2021-10-07 | 18.173 |
| ID | 50825 |
| Created | Oct 07, 2021 |
| Updated | Aug 09, 2023 |
| Outbreak Alert | Apache Path Traversal CISAtop20_PRC2022 2022 Annual Report Androxgh0st Malware |
| Risk |
|
| CVE ID | CVE-2021-42013 CVE-2021-41773 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.46% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Apache |