| VID |
22985 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The version of Apache httpd installed on the remote host is 2.4.49 prior to 2.4.51. It is, therefore, affected by a vulnerability as referenced in the 2.4.51 advisory.
- It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.
(CVE-2021-42013)
* References:
https://httpd.apache.org/security/vulnerabilities_24.html
* Platforms Affected:
Apache HTTP versions 2.4.x prior to 2.4.51
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Apache HTTP Server (2.4.51 or later), available from the Apache Software Foundation download site, http://httpd.apache.org/download.cgi |
| Related URL |
CVE-2021-42013 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
