Apache HTTP Server Path Traversal Vulnerability

Released: Sep 14, 2022


Severity: Medium

Vendor: Apache

Type: Vulnerability


Attackers still targeting Apache Path Traversal vulnerability in high volumes

Apache web servers running the older, vulnerable versions 2.4.49 and 2.4.50 are still deployed on various cloud platforms. According to Shodan, 6000+ web servers could still be vulnerable to a path traversal attack, which can eventually lead to remote code execution.

Common Vulnerabilities and Exposures

CVE-2021-41773
CVE-2021-42013

Background

The Apache HTTP Server Project released a security advisory about a year ago on a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 and 2.4.50, tracked as CVE-2021-41773 and CVE-2021-42013.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


October 7, 2021: Apache released update 2.4.51 which fixes both CVE-2021-41773 and CVE-2021-42013.


September 12, 2022: According to FortiGuard research, CVE-2021-42013 and CVE-2021-41773 are seeing a high volume of attack attempts worldwide, with an average of 40,000 device detections. It is strongly advised to update vulnerable Apache servers as soon as possible if not already updated.


June 8, 2022: Latest Apache HTTP Server version 2.4.54 released.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Vulnerability

  • IPS

  • Web App Security

DETECT
  • Outbreak Detection

  • Threat Hunting

  • Content Update

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.


