<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3448621598664628523&zx=c7fc0759-578c-43d5-abd0-6ff00d803dac' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3448621598664628523&zx=c7fc0759-578c-43d5-abd0-6ff00d803dac' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1618281995222563&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-1618281995222563 -->

<link rel="stylesheet" href="https://fonts.googleapis.com/css2?display=swap&family=Playfair+Display&family=Indie+Flower&family=Open+Sans&family=Poppins"></head><body>

Apache web servers Flaw allows Hacker Access Root Files

Attackers are currently targeting Apache web servers. But only a certain version is threatened.

Admin

October 05, 2021

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to access files outside the document root directory of web servers based on Apache.

The path traversal vulnerability dubbed as CVE-2021-41773 only affects the Apache HTTP server version 2.4.49. This is CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that resides in Apache HTTP server version 2.4.49, where attackers could use special crafted URLs to view files outside the document root directory. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts.

Apache HTTP Server developers advice to the security mechanism is not active by default. So with this scenario, there is no official classification of the severity of the vulnerability. The Apache team rates the security update as "important ".

On the security advisory, the Apache team have stated that they have fixed the loopholes in the latest version of Apache HTTP Server 2.4.50. Another bug crept in in version 2.4.49, which has been corrected in the current version. By successfully exploiting the second loophole (CVE-2021-41524), attackers should be able to trigger DoS states with prepared HTTP / 2 requests.

Read Also

Share:

You may like these posts Show all

Post a Comment

<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/517362887-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY40NypTdej1Yg8TwPIdkNCcQNN37w:1713267901333';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3448621598664628523','//www.cyberkendra.com/2021/10/apache-web-servers-flaw-allows-hacker.html','3448621598664628523');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3448621598664628523', 'title': 'Cyber Kendra', 'url': 'https://www.cyberkendra.com/2021/10/apache-web-servers-flaw-allows-hacker.html', 'canonicalUrl': 'https://www.cyberkendra.com/2021/10/apache-web-servers-flaw-allows-hacker.html', 'homepageUrl': 'https://www.cyberkendra.com/', 'searchUrl': 'https://www.cyberkendra.com/search', 'canonicalHomepageUrl': 'https://www.cyberkendra.com/', 'blogspotFaviconUrl': 'https://www.cyberkendra.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'G-YN9DJXCC22', 'analytics4': true, 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Kendra - Atom\x22 href\x3d\x22https://www.cyberkendra.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Cyber Kendra - RSS\x22 href\x3d\x22https://www.cyberkendra.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Kendra - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3448621598664628523/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Kendra - Atom\x22 href\x3d\x22https://www.cyberkendra.com/feeds/5538393097403977954/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-1618281995222563', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/2409974e622e3273', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'item', 'postId': '5538393097403977954', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdXSX5bGAVhJyUMbI4ZVnIiKUAVoDY8y84fy1j2G04L9t7d65BSCK-4H6XPs1Qt2rS75p9JJjJIaJvZ6hbsTTBjffhHbgRtD7n5m4YhMv8-byLaFfkNXXITaAsYQL4tdj9HdkmScU_SKg/s72-w640-c-h360/apache2-640x360_11zon%25281%2529.webp', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdXSX5bGAVhJyUMbI4ZVnIiKUAVoDY8y84fy1j2G04L9t7d65BSCK-4H6XPs1Qt2rS75p9JJjJIaJvZ6hbsTTBjffhHbgRtD7n5m4YhMv8-byLaFfkNXXITaAsYQL4tdj9HdkmScU_SKg/w640-h360/apache2-640x360_11zon%25281%2529.webp', 'pageName': 'Apache web servers Flaw allows Hacker Access Root Files', 'pageTitle': 'Cyber Kendra: Apache web servers Flaw allows Hacker Access Root Files', 'metaDescription': 'Attackers are currently targeting Apache web servers. But only a certain version is threatened.'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Apache web servers Flaw allows Hacker Access Root Files', 'description': 'Attackers are currently targeting Apache web servers. But only a certain version is threatened.', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdXSX5bGAVhJyUMbI4ZVnIiKUAVoDY8y84fy1j2G04L9t7d65BSCK-4H6XPs1Qt2rS75p9JJjJIaJvZ6hbsTTBjffhHbgRtD7n5m4YhMv8-byLaFfkNXXITaAsYQL4tdj9HdkmScU_SKg/w640-h360/apache2-640x360_11zon%25281%2529.webp', 'url': 'https://www.cyberkendra.com/2021/10/apache-web-servers-flaw-allows-hacker.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 5538393097403977954}}, {'name': 'widgets', 'data': [{'title': 'Template Code (Do not disable)', 'type': 'HTML', 'sectionId': 'settings', 'id': 'HTML6'}, {'title': 'Cyber Kendra (Header)', 'type': 'Header', 'sectionId': 'header', 'id': 'Header1'}, {'title': 'Social Media Link', 'type': 'LinkList', 'sectionId': 'section', 'id': 'LinkList1'}, {'title': '', 'type': 'HTML', 'sectionId': 'header_bottom_widget', 'id': 'HTML3'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'main', 'id': 'Blog1', 'posts': [{'id': '5538393097403977954', 'title': 'Apache web servers Flaw allows Hacker Access Root Files', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdXSX5bGAVhJyUMbI4ZVnIiKUAVoDY8y84fy1j2G04L9t7d65BSCK-4H6XPs1Qt2rS75p9JJjJIaJvZ6hbsTTBjffhHbgRtD7n5m4YhMv8-byLaFfkNXXITaAsYQL4tdj9HdkmScU_SKg/w640-h360/apache2-640x360_11zon%25281%2529.webp', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'On'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}], 'allBylineItems': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'On'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': ''}]}, {'title': 'Advertisement', 'type': 'HTML', 'sectionId': 'top_ads', 'id': 'HTML90'}, {'title': 'Advertisement', 'type': 'HTML', 'sectionId': 'middle_ads_2', 'id': 'HTML93'}, {'title': 'Advertisement', 'type': 'HTML', 'sectionId': 'matched_content_ads', 'id': 'HTML7'}, {'title': 'Trending!', 'type': 'PopularPosts', 'sectionId': 'sidebar', 'id': 'PopularPosts1', 'posts': [{'title': ' Pirate Bay Proxy List 2024: Unblock The Pirate bay33 [April Updated]', 'id': 7709902560608743927}, {'title': 'ExtraTorrents Proxy List 2024 To Unblock Extratorrent', 'id': 7687163451941064055}, {'title': '\x22BatBadBut\x22 Vulnerability Discovered in Rust Standard Library on Windows', 'id': 8323223198326793618}, {'title': '1337x Proxy List 2024: Your Guide to Safe and Legal Torrenting', 'id': 1078991593587710032}, {'title': 'Download ExaGear APK + obb - Windows Emulator for Android', 'id': 3731719425182612328}, {'title': 'YIFY Proxy List (YTS) 2024 - Working Updated', 'id': 3633437093078317981}]}, {'title': 'Table of Contents', 'type': 'HTML', 'sectionId': 'toc_auto', 'id': 'HTML8'}, {'title': 'Follow Us', 'type': 'LinkList', 'sectionId': 'footer_widgets', 'id': 'LinkList10'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML6', 'settings', document.getElementById('HTML6'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'header', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList1', 'section', document.getElementById('LinkList1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML3', 'header_bottom_widget', document.getElementById('HTML3'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML90', 'top_ads', document.getElementById('HTML90'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML93', 'middle_ads_2', document.getElementById('HTML93'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML7', 'matched_content_ads', document.getElementById('HTML7'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'sidebar', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML8', 'toc_auto', document.getElementById('HTML8'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'footer_widgets', document.getElementById('LinkList10'), {}, 'displayModeFull'));
</script>
</body>