Skip to main content

Apache HTTP Server Multiple Vulnerabilities

Release Date: 20 Sep 2021 5279 Views

RISK: High Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Multiple vulnerabilities were identified in Apache HTTP Server, a remote attacker could exploit some of these vulnerabilities to trigger denial of service, security restriction bypass, sensitive information disclosure and spoofing on the targeted system.


CVE-2021-40438 is being exploited in the wild.


[Updated on 2021-11-30] It was reported by security researcher that exploiting CVE-2021-40438 may trigger remote code execution if "mod-proxy" function is enabled.


[Updated on 2021-11-30] The CVE-2021-40438 is being exploited in the wild and the risk level is changed from medium risk to high risk correspondingly.


  • Denial of Service
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing

System / Technologies affected

  • Apache HTTP Server versions 2.4.17 to 2.4.48


Before installation of the software, please visit the vendor web-site for more details.


Apply fixes issued by the vendor:


  • Apache HTTP Server versions 2.4.49

Vulnerability Identifier


Related Link