Original Issue Date: October 08, 2021
Severity Rating: High
Systems Affected
Apache HTTP Server version 2.4.49 and 2.4.50
Overview
A vulnerability has been reported in Apache HTTP Server which could be exploited by a remote attacker to execute arbitrary code on the targeted system.
Description
This vulnerability exists in Apache HTTP server due to an insufficient fix for the path traversal vulnerability(CVE-2021- 41733).A remote attacker could exploit this vulnerability by sending specially crafted request to map URLs to files outside the directories configured by Alias-like directives.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code, if CGI scripts are also enabled for these aliased paths, and may result in complete compromise of vulnerable system.
Solution
Upgrade to Apache HTTP server version 2.4.51
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-4201