The Apache Software Foundation just published an urgent upgrade (Apache HTTP Server 2.4.52) to address significant vulnerabilities in its Apache HTTP Server.
The found vulnerability was classified as critical, and threat actors might use it to gain control of a susceptible system.
Aside from that, CISA, the US government's security response organisation, has also asked that open-source community members quickly replace their old vulnerable version with the most recent one.
Flaws Forced to Release Update
Here we have mentioned the flaws that have forced to release an urgent update with the patch:-
CVE ID: CVE-2021-44790
Description: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier.
Severity: Critical
CVSS: 9.8
CVE ID: CVE-2021-44224
Description: Possible NULL dereference or SSRF in forwarding proxy configurations in Apache HTTP Server 2.4.51 and earlier.
Severity: High
CVSS: 8.2
While Apache HTTP Server 2.4.52 is the most recent GA release of the new generation 2.4.x branch of Apache HTTPD, Apache has advised all users to upgrade all previous versions promptly.
Where can I get it?
If you wish to obtain the latest version of Apache HTTP Server, version 2.4.52, go to the Apache foundation's official distribution channel.
Furthermore, these security weaknesses are highlighted by cybersecurity professionals in the list of known exploited vulnerabilities, and all of this is kept by the U.S. government's security response agency CISA.
Comments