Security News > 2021 > October > Actively exploited Apache 0-day also allows remote code execution
These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution abilities.
The path traversal vulnerability in Apache's HTTP server, first reported by BleepingComputer, has actively been exploited in the wild before the Apache project was notified of the flaw in September, or had a chance to patch it.
Attackers can abuse Apache servers running version 2.4.49 not only to read arbitrary files but also to execute arbitrary code on the servers.
Security researcher Hacker Fantastic noted that the flaw soon turns into a Remote Code Execution vulnerability on a Linux system if the server is configured to support CGI via mod cgi.
Although Shodan queries run by BleepingComputer show over 112,000 Apache servers are running the vulnerable 2.4.49 version, not all servers may be at risk.
Server administrators should ensure their Apache HTTP server instances are running patched versions 2.4.50 and above.