SECURITY ALERTS

A Vulnerability (CVE-2021-42013) in Apache HTTP Server

DESCRIPTION:

A path traversal and remote code execution flaw (CVE-2021-42013) was found in Apache HTTP Server. A remote attacker could use this flaw to map URLs to files outside the expected document root. Additionally, this flaw could leak the source of interpreted files such as CGI scripts. If files outside the document root are not protected by the usual default configuration "require all denied", these requests can succeed.

AFFECTED RELEASES:

Apache HTTP Server 2.4.49 and 2.4.50

SOLUTION:

Users and system administrators of affected products are advised to apply the security updates immediately from the following URL:

https://httpd.apache.org/security/vulnerabilities_24.html
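
To check a host against the two conditions named above (an affected release, and whether the default "require all denied" is in place for the filesystem root), the following is an added example and not part of the original advisory or of Apache's own tooling. The function names, sample banner and sample configuration are constructed for illustration, and it assumes a single flat configuration file.

```python
import re

AFFECTED = {"2.4.49", "2.4.50"}  # releases listed in this advisory
ROOT_OPEN = re.compile(r'^<Directory\s+"?/"?\s*>$', re.I)
BLOCK_CLOSE = re.compile(r'^</Directory\s*>$', re.I)
REQUIRE_ALL = re.compile(r'^Require\s+all\s+(denied|granted)$', re.I)

def parse_version(banner):
    """Pull x.y.z out of `httpd -v` output or a Server response header."""
    m = re.search(r"Apache/(\d+\.\d+\.\d+)", banner)
    return m.group(1) if m else None

def root_denied(conf_text):
    """True if the last <Directory /> block that sets access denies everyone.
    Assumption: one flat config file; Include'd files are not followed."""
    result, in_root, seen = False, False, set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # httpd comments are whole lines
            continue
        if ROOT_OPEN.match(line):
            in_root, seen = True, set()
        elif in_root and BLOCK_CLOSE.match(line):
            in_root = False
            if seen:  # bare Require lines are OR-ed, so one "granted" wins
                result = seen == {"denied"}
        elif in_root:
            m = REQUIRE_ALL.match(line)
            if m:
                seen.add(m.group(1).lower())
    return result

def assess(banner, conf_text):
    """Return (affected_release, root_is_denied) for one server."""
    return parse_version(banner) in AFFECTED, root_denied(conf_text)

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "Server version: Apache/2.4.50 (Unix)"
SAMPLE_CONF = """<Directory />
    AllowOverride none
    Require all granted
</Directory>
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```

An affected release needs the security update whichever way the second value comes out; the flag only shows whether the default deny described above is present.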

REFERENCE:

1. https://httpd.apache.org/security/vulnerabilities_24.html

2. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ

3. https://www.openwall.com/lists/oss-security/2021/10/07/6
