Original release date: October 7, 2021
On October 7, 2021, the Apache Software Foundation released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50. These vulnerabilities have been exploited in the wild.
CISA is also seeing ongoing scanning of vulnerable systems, which is expected to accelerate, likely leading to exploitation. CISA urges organizations to patch immediately if they haven’t already—this cannot wait until after the holiday weekend.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of…
CISA released five Industrial Control Systems (ICS) advisories on May 29, 2025. These advisories provide…
CISA released one Industrial Control Systems (ICS) advisory on May 27, 2025. These advisories provide…
This website uses cookies.