Description
Due to a flaw in the way Apache HTTP Server normalizes the path, an attacker can perform a path traversal attack and access sensitive information on the server, which may lead to a takeover of the server. In some configurations of the web server, it may lead directly to remote code execution.
Remediation
Upgrade to the latest version of Apache HTTP Server.