The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an « incomplete fix » for an actively exploited path traversal and remote code execution flaw that it patched earlier this week.
CVE-2021-42013, as the new vulnerability is identified as, builds upon CVE-2021-41773, a flaw that impacted Apache web servers running
Source de l’article sur The Hacker News