Apache 2.4.49 Path Traversal and RCE

Impact: High


A vulnerability was discovered in Apache HTTP Server 2.4.49 related to changes made to path normalization. This flaw enables attackers to perform path traversal attacks, allowing them to map URLs to files located outside the expected document root. If files outside of the document root are not adequately protected by access controls, these requests can succeed. Additionally, if the mod_cgi module is enabled, attackers can exploit this vulnerability to execute arbitrary commands on the server.


To mitigate this vulnerability, it is recommended to upgrade Apache HTTP Server to the latest secure version available.


Last updated on May 13, 2024

This issue is available in SmartScanner Professional

See Pricing