(Updated October 7, 2021)
Apache has released additional fixes for CVE-2021-41773, which is tracked as CVE-2021-42013. For more information see the Apache vulnerabilities page.
(Originally published October 6, 2021)
The Apache Software Foundation has released Apache HTTP Server version 2.4.50 to address two vulnerabilities. An attacker could exploit these vulnerabilities to take control of an affected system. One vulnerability, CVE-2021-41773, has been exploited in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache HTTP Server 2.4.50 vulnerabilities page and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.