On October 7, 2021, the Apache Software Foundation released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50. These vulnerabilities have been exploited in the wild. CISA is also seeing ongoing scanning of vulnerable systems affected by CVE-2021-41773 and CVE-2021-42013 and it’s expected to accelerate, likely leading to exploitation.
Read full article on US-CERT