K3ysTr0K3R / CVE-2021-41773-EXPLOIT

A PoC exploit for CVE-2021-41773 - RCE Apache version 2.4.49/2.4.50

CVE-2021-41773-EXPLOIT

A critical vulnerability has been discovered in Apache HTTP Server 2.4.49. The flaw stems from a recent change in path normalization and lets attackers use path traversal to map URLs to files outside the designated document root. Exploitation succeeds when files outside the document root are not protected by the "Require all denied" directive. The vulnerability can also leak the source code of interpreted files such as CGI scripts. It is being actively exploited. Apache 2.4.49 is specifically affected; earlier versions are not impacted.
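The mitigation mentioned above can be checked mechanically. The following is an added example, not code from this repository: a small audit that reports whether a configuration's `<Directory />` section carries "Require all denied". The sample configurations, the document-root path and the function names are constructed for illustration, and the parser is simplified (it assumes a single file with no Include directives or RequireAll/RequireAny containers).

```python
import re

# Constructed sample configurations (not taken from the page or any real server).
WEAK = """
<Directory />
    AllowOverride none
    Require all granted
</Directory>
"""
HARDENED = """
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/usr/local/apache2/htdocs">
    Require all granted
</Directory>
"""

BLOCK = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.I | re.S)
REQUIRE = re.compile(r'^[ \t]*Require\s+all\s+(granted|denied)[ \t]*$', re.I | re.M)

def root_policy(conf):
    """Return 'denied', 'granted' or 'missing' for the <Directory /> section."""
    # Drop comment lines so a commented-out directive is not counted.
    conf = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    policy = "missing"
    for path, body in BLOCK.findall(conf):
        if path.strip() != "/":
            continue  # only the filesystem root section matters here
        verdicts = {v.lower() for v in REQUIRE.findall(body)}
        if "granted" in verdicts:
            policy = "granted"  # any "granted" opens the whole filesystem
        elif verdicts:
            policy = "denied"
    return policy

def audit(conf):
    """Human-readable finding for one configuration."""
    policy = root_policy(conf)
    if policy == "denied":
        return "OK: files outside the document root are denied by default"
    return f"FINDING: <Directory /> policy is {policy}; add 'Require all denied'"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", audit(conf))
```

A "missing" result means the file has no explicit policy for the filesystem root, which should be treated the same as "granted" when reviewing a server.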

Languages

Language:Shell 100.0%