---

UPDATE NOW: CVE-2021-42013 Vulnerability in Apache httpd Allows Access Outside the Site Root Directory

A new attack vector was found against the Apache http server, which remained unpatched in the 2.4.50 update and allows access to files from areas outside the root directory of the site. In addition, researchers have found a way that, in the presence of certain non-standard settings, not only read system files but also remotely execute their code on the server. The problem only manifests itself in releases 2.4.49 and 2.4.50, earlier versions of the vulnerability are not affected. To fix the new variant of the vulnerability, the release of Apache httpd 2.4.51 was promptly formed.