CVE-2021-42013 – vulnerability fixed in httpd-2.4.51

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can …

CVE-2021-42013 – vulnerability fixed in httpd-2.4.51 Read More »