Intrusion PreventionApache.HTTP.Server.cgi-bin.Path.Traversal
Description
This indicates an attack attempt to exploit a Path Traversal Vulnerability in Apache HTTP Server.
The vulnerability is due to a path normalisation error in Apache HTTP Server. Successful exploitation can potentially lead to information disclosure.
Outbreak Alert
Apache webservers running an older and vulnerable version of Apache 2.4.49 and 2.4.50 are still deployed on various could platforms. According to Shodan, 6000+ webservers could still be vulnerable to a path traversal attack and can eventually lead to remote code execution.
View the full Outbreak Alert Report
Joint Cybersecurity Advisory (CSA) has released the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by Peoples Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). Previously, FortiGuard labs has already published various Outbreaks Alerts included in the released CISA's advisory such as: Apache Log4j, Hikvision Webserver Vulnerability, Atlassian Confluence OGNL RCE Vulnerability, Microsoft Exchange Server RCE Vulnerabilities etc. See the full list at: https://www.fortiguard.com/outbreak-alert Links to dedicated reports on each published outbreak by FortiGuard Labs are added to Additional Resources section below.
View the full Outbreak Alert Report
In the year 2022, FortiGuard IPS and FortiGuard AV/Sandbox blocked three trillion and six trillion hits respectively from vulnerabilities, malware and 0-day attacks. Those encompassed several thousand varieties of Remote Code Execution, Cross-Site Scripting, Elevation of Privilege, Denial of Service, Trojans, Exploits. FortiGuard Labs alerted customers with numerous critical threats throughout the year based on factors such as proof-of-concept, attack vectors, impact, ease of attack, dependencies, and more. This annual report covers:>
View the full Outbreak Alert Report
FortiGuard Labs continue to observe widespread activity of Androxgh0st Malware in the wild exploiting multiple vulnerabilities, specifically targeting- the PHPUnit (CVE-2017-9841), Laravel Framework (CVE-2018-15133) and Apache Web Server (CVE-2021-41773) to spread and conduct information gathering attacks on the target networks
Affected Products
Apache HTTP Server 2.4.49, 2.4.50
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://httpd.apache.org/security/vulnerabilities_24.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-10 | 25.619 | Sig Added |
| 2021-11-18 | 18.199 | Sig Added |
| 2021-11-08 | 18.192 | Default_action:pass:drop |
| 2021-10-07 | 18.173 |
| ID | 50825 |
| Created | Oct 07, 2021 |
| Updated | Aug 09, 2023 |
| Outbreak Alert | Apache Path Traversal CISAtop20_PRC2022 2022 Annual Report Androxgh0st Malware |
| Risk |
|
| CVE ID | CVE-2021-42013 CVE-2021-41773 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.46% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Apache |