apache http server research paper
Security Research

CVE 2021-42013 - Recent Vulnerabilities in Apache HTTP Server

This document aims at explaining some recent vulnerabilities in Apache HTTP Server that leads to attacks like Path Traversal and Remote Code Execution. A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by “require all denied” these requests can succeed.

Key Pointers:
  • Understanding the vulnerability
  • Looking at the criticality and the CVSS score of the CVE
  • Covering about the scope of impact
  • Learning how to mitigate the vulnerability
  • Setting up the lab and understanding the exploitation scenario
  • Performing the exploit in lab environment

Brands that
trust our competence

Explore more
kfc logo
discover logo
adp logo
adbed bath beyond logo
expedia logo
chipotle logo
Mosaic Insurance logo
dell logo
fannie-mae logo
 maersk logo
 gsk logo
 wiz logo
 bt logo