Apache HTTP Web Server Vulnerability | October 2021

Threat actors are exploiting a critical vulnerability, CVE-2021-41773, in Apache HTTP Web Server. Here's what you need to know.

Background

On October 4, 2021, Apache Software Foundation released an updated version of their web server to fix two vulnerabilities  present on Apache version 2.4.49. Attackers are leveraging the zero-day vulnerability, CVE-2021-41773, to view files outside of the website root directory and execute arbitrary code on the servers. 

Quick facts: what you need to know now

  • Unauthorized users can also modify file permissions to allow for the ability to remotely execute files on the server.
  • Unauthorized users could potentially view files outside of the webroot which could contain sensitive system information that could facilitate further attacks against the web server.
  • This vulnerability is being exploited in the wild.

Next Steps for All Apache HTTP Web Server Customers:

  1. Identify if your organization is using Apache HTTP Web Server, and immediately patch the device to the latest version 2.4.50
  2. Review Apache web server logs to look for evidence of successful directory traversal attacks (indications of "../../../" in the log files) or suspicious behavior.
  3. If you find any suspicious activity, immediately notify Corvus of a potential claim via the email or hotline listed on your policy.  We will then connect you to counsel and a forensics firm to ensure your organization properly investigates, mitigates, and responds to the threat.

If you have any questions, please reach to the Risk + Response Team at services@corvusinsurance.com!