Apache HTTP Server Path Traversal and Remote Code Execution Vulnerability

A path traversal vulnerability allowing remote code execution has been identified in Apache HTTP Server versions 2.4.49 and 2.4.50. The vulnerability arises from an improper handling of path normalization, which allows attackers to map URLs to files outside the designated document root. If these files are not secured by the default 'require all denied' directive, the requests may succeed. Additionally, if CGI scripts are enabled for the affected paths, this could lead to arbitrary code execution.

Impact

Exploitation of this vulnerability allows for path traversal, unauthorized file access, and potentially executing arbitrary code on the server.

Reproduction

To reproduce this vulnerability, send a request to the server's 'cgi-bin' directory, which is executed by default. Include a path traversal payload that navigates up the directory structure to access sensitive files, such as '/etc/passwd' on Linux systems. The server must be running Apache HTTP version 2.4.49 with 'mod_cgi' enabled.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.51 or later, which addresses this vulnerability.