Apache 2.4.49 Path Traversal and RCE
Impact: High
Description
A vulnerability was discovered in Apache HTTP Server 2.4.49 caused by changes made to path normalization in that release. The flaw allows an attacker to perform a path traversal attack and map URLs to files outside the expected document root. If those files are not adequately protected by access controls, such requests succeed. Additionally, if the mod_cgi module is enabled, the same flaw can be used to execute arbitrary commands on the server.
Recommendation
To mitigate this vulnerability, it is recommended to upgrade Apache HTTP Server to the latest secure version available.
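The access-control hardening the description refers to, written out as an added configuration example (not text from this advisory) that complements the upgrade rather than replacing it; the document root path is an assumption:

```apache
# Deny filesystem access by default, so a request that escapes the
# document root is still refused by the access-control check.
<Directory />
    AllowOverride None
    Require all denied
</Directory>

# Grant access only under the document root (path is an assumption).
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>

# Keep mod_cgi unloaded unless CGI is actually required; the advisory
# notes that with it enabled the traversal can lead to command execution.
#LoadModule cgi_module modules/mod_cgi.so
```

A weak deployment is one where the `<Directory />` block grants `Require all granted`, which leaves every readable file on the host reachable once the document root is escaped.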
References
Last updated on May 13, 2024