Apache HTTP 2.4.49 Path Traversal and File Disclosure Update

07 Oct 2021 - Ralph Horn

Today we learned that the patches made by Apache in 2.4.50 can be bypassed, we have updated our casefile to tell that a mitigation is either to downgrade to 2.4.48 or to upgrade to 2.4.51. Therefore, we just updated case DIVD-2021-00027. The update addresses new information and steps needed mitigate this vulnerability.

The DIVD will be scanning worldwide to identify unpatched and thus vulnerable Apache HTTP servers and send notifications to our information sharing partners and individual network administrators.

Last modified: 18 Jan 2023 13:28

DIVD CSIRT

Apache HTTP 2.4.49 Path Traversal and File Disclosure Update