High Threat Security Alert (A21-10-07): Vulnerability in Apache HTTP Server
08 October 2021
The Apache Software Foundation released a security update to address a vulnerability in the HTTP Server and its modules. The issue affects only Apache 2.4.49 and 2.4.50 and not earlier versions. A remote attacker could exploit the vulnerability by sending a specially crafted request to the affected systems.
Reports indicate that the vulnerability (CVE-2021-42013) is being exploited in the wild. You are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Apache HTTP Server version 2.4.49 and 2.4.50
Successful exploitation could lead to remote code execution on an affected system.
The Apache Software Foundation has released new version of the product to address the issues and they can be downloaded at the following URL: