CVE-2021-42013CISA KEVEPSS p100.0%

CVE-2021-42013Apache HTTP Server Path Traversal Vulnerability

Apache / HTTP Server

Description

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773.

Scoring

EPSS99.96% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming)1

TypeTargetConfidenceTier
KEVEntryApache HTTP Server Path Traversal Vulnerabilitykev-cve-2021-420130%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Apache HTTP Server Improper Escaping of Output Vulnerability
CVE
Apache OFBiz Path Traversal Vulnerability
CVE
Apache Tomcat Path Equivalence Vulnerability
CVE
Apache APISIX Authentication Bypass Vulnerability
CVE
CVE-2025-41368
CVE
Apache HTTP Server-Side Request Forgery (SSRF)
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.