Apache HTTP 2.4.49 Path Traversal and File Disclosure Update
07 Oct 2021 - Ralph Horn
Today we learned that the patches made by Apache in 2.4.50 can be bypassed. We have therefore updated case DIVD-2021-00027: the case file now states that a mitigation is to either downgrade to 2.4.48 or upgrade to 2.4.51. The update addresses the new information and the steps needed to mitigate this vulnerability.
The DIVD will be scanning worldwide to identify unpatched, and thus vulnerable, Apache HTTP servers and will send notifications to our information sharing partners and individual network administrators.