Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)
Blog post created on 2021-09-08
On September 29, 2021, the Apache Security team was alerted to a path traversal vulnerability that was being actively exploited as a zero-day against Apache HTTP Server version 2.4.49 (CVE-2021-41773). In this post, I describe the vulnerability and the mitigation options for users of the Cloudflare WAF. I also briefly review exploit attempts as seen by the Cloudflare network.