The Apache HTTP Server Project is a group of people working together to create and maintain an open-source, software-based HTTP server for modern operating systems such as UNIX and Windows. This technology is considered among the most widely used web servers on the internet. A Server-Side Request Forgery (SSRF) vulnerability (CVE-2021-40438) has been identified in Apache HTTP Server versions 2.4.48 and older. The vulnerability … Continue reading “Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)”
Tag: HTTP Server
Apache HTTP Server Path Normalization and Remote Code Execution (RCE) Vulnerability (CVE-2021-42013)
The Apache Software Foundation has published additional security updates for its HTTP Server to remediate an incomplete fix for a path traversal and Remote Code Execution (RCE) vulnerability patched in the first week of October 2021 (CVE-2021-41773). CVE-2021-42013 is based upon a path normalization bug, which allowed an unauthenticated remote user to view files on the Apache Web … Continue reading “Apache HTTP Server Path Normalization and Remote Code Execution (RCE) Vulnerability (CVE-2021-42013)”