{"uuid": "f4c12e7e-2fd1-4931-a97b-383658966320", "vulnerability": {"vulnId": "CVE-2021-41773", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "f4c12e7e-2fd1-4931-a97b-383658966320"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T13:24:01Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache HTTP Server Path Traversal Vulnerability | Affected: Apache / HTTP Server | Description: Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default \ufffdrequire all denied\ufffd or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-41773"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HTTP Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apache", "vulnerabilityName": "Apache HTTP Server Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2021-41773", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-41773"}]}