Security News > 2021 > October > Apache emergency update fixes incomplete patch for exploited bug
Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability.
On Tuesday, Apache released Apache HTTP 2.4.50 to fix an actively exploited path traversal vulnerability in version 2.4.49.
"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," disclosed Apache in a security advisory.
With so many servers potentially vulnerable to remote code execution, it became even more critical for admins to update their Apache HTTP servers.
Today, Apache released version 2.4.51 after discovering that their previous fix for the actively exploited CVE-2021-41773 vulnerability was incomplete.
Due to this, it is strongly recommended that admins immediately upgrade their servers to Apache HTTP 2.4.51 to remove any attack vectors left after the previous patch.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-05 | CVE-2021-41773 | Path Traversal vulnerability in multiple products A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. | 7.5 |