CVE-2021-41773

Confirmed PUBLISHED

Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

Apache Software Foundation · Apache HTTP Server
Exploited in the wild Active exploitation observed Used in malware PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
860
Unique Attacker IPs
272
CISA KEV
In CISA KEV
CVSS / EPSS
7.5 High EPSS 100.0%

At a Glance

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

metasploit ransomware cisa apache malware nuclei_scanner
CVE Published
Oct 05, 2021
Exploitation Reported
Nov 03, 2021
CVSS
7.5 High
EPSS
100.0%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Apache Software Foundation
Apache HTTP Server

Apache HTTP Server 2.4 2.4.49

Affected

CVE References

Show 24 more references

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.