CVE-2021-41773CISA KEVEPSS p100.0%

CVE-2021-41773Apache HTTP Server Path Traversal Vulnerability

Apache / HTTP Server

Description

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.

Scoring

EPSS99.99% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming)1

TypeTargetConfidenceTier
KEVEntryApache HTTP Server Path Traversal Vulnerabilitykev-cve-2021-417730%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Apache HTTP Server Improper Escaping of Output Vulnerability
CVE
CVE-2025-41736
CVE
CVE-2025-41368
CVE
Apache OFBiz Path Traversal Vulnerability
CVE
Apache APISIX Authentication Bypass Vulnerability
CVE
Apache Tomcat Path Equivalence Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.