Cisco Security Advisory - Apache HTTP Server Vulnerabilties: October 2021

Started by Netwörkheäd, October 13, 2021, 06:18:45 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Netwörkheäd

October 13, 2021, 06:18:45 PM
Apache HTTP Server Vulnerabilties: October 2021

On October 5, 2021 and October 7, 2021, the Apache Software Foundation released two security announcements for the Apache HTTP Server that disclosed the following vulnerabilities: 



  • CVE-2021-41524: Null Pointer Dereference Vulnerability

  • CVE-2021-41773: Path Traversal and Remote Code Execution Vulnerability

  • CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)


For descriptions of these vulnerabilities, see the Apache Security Announcement. For additional information, see the Cisco TALOS blog post, Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers.


Cisco investigated its product line and concluded that no Cisco products are affected by these vulnerabilities.  



     
         
Security Impact Rating:  Informational
   
   
       
CVE: CVE-2021-41524,CVE-2021-41773,CVE-2021-42013
Source: Apache HTTP Server Vulnerabilties: October 2021
Let's not argue. Let's network!
Print
Go Up Pages1
User actions