Http Server@2.4.49 Security Vulnerabilities and Issues — Http Server@2.4.49 CVE List

Lucene search

ApacheHttp Server2.4.49

3 matches found

CVE•added 2021/10/05 9:15 a.m.•2523 views

CVE-2021-41773

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configur...

7.5CVSS9.2AI score0.94428EPSS

CVE•added 2021/10/07 4:15 p.m.•2042 views

CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default co...

9.8CVSS9.4AI score0.94428EPSS

CVE•added 2021/10/05 9:15 a.m.•548 views

CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

7.5CVSS7.4AI score0.06586EPSS