top of page
Search

CRITICAL SECURITY FLAWS IN APACHE HTTP SERVER ALLOW HACKERS TO EXECUTE ARBITRARY CODE REMOTELY



The Apache Software Foundation just published an urgent upgrade (Apache HTTP Server 2.4.52) to address significant vulnerabilities in its Apache HTTP Server.

The found vulnerability was classified as critical, and threat actors might use it to gain control of a susceptible system.

Aside from that, CISA, the US government's security response organisation, has also asked that open-source community members quickly replace their old vulnerable version with the most recent one.


Flaws Forced to Release Update

Here we have mentioned the flaws that have forced to release an urgent update with the patch:-

  • CVE ID: CVE-2021-44790

  • Description: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier.

  • Severity: Critical

  • CVSS: 9.8

  • CVE ID: CVE-2021-44224

  • Description: Possible NULL dereference or SSRF in forwarding proxy configurations in Apache HTTP Server 2.4.51 and earlier.

  • Severity: High

  • CVSS: 8.2

While Apache HTTP Server 2.4.52 is the most recent GA release of the new generation 2.4.x branch of Apache HTTPD, Apache has advised all users to upgrade all previous versions promptly.

Where can I get it?

If you wish to obtain the latest version of Apache HTTP Server, version 2.4.52, go to the Apache foundation's official distribution channel.

Furthermore, these security weaknesses are highlighted by cybersecurity professionals in the list of known exploited vulnerabilities, and all of this is kept by the U.S. government's security response agency CISA.

4 views0 comments

Comments


bottom of page