Apache HTTP Server Multiple Vulnerabilities

Release Date: 20 Sep 2021

RISK: High Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Multiple vulnerabilities were identified in Apache HTTP Server. A remote attacker could exploit some of these vulnerabilities to trigger denial of service, security restriction bypass, sensitive information disclosure and spoofing on the targeted system.

Note:
CVE-2021-40438 is being exploited in the wild.

[Updated on 2021-11-30] It was reported by a security researcher that exploiting CVE-2021-40438 may trigger remote code execution if the "mod_proxy" module is enabled.

[Updated on 2021-11-30] CVE-2021-40438 is being exploited in the wild, and the risk level has been changed from medium risk to high risk accordingly.


Impact

  • Denial of Service
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing

System / Technologies affected

  • Apache HTTP Server versions 2.4.17 to 2.4.48

Solutions

Before installation of the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

  • Apache HTTP Server version 2.4.49
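
A triage check for the affected range and the mod_proxy condition described above, added here as an example (it is not vendor or advisory code). It assumes the usual output formats of `httpd -v` and `httpd -M`; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an Apache httpd install against this advisory.
# The version range comes from the advisory; sample inputs are constructed.
AFFECTED_MIN="2.4.17"
AFFECTED_MAX="2.4.48"

# Extract "X.Y.Z" from `httpd -v` output or a Server header value.
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Map X.Y.Z to one integer so that 2.4.9 sorts below 2.4.17
# (a plain string comparison would get this wrong).
version_key() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Succeed if proxy_module itself (not proxy_http_module etc.) is listed
# in `httpd -M` style output.
has_mod_proxy() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*proxy_module[[:space:]]'
}

# Print one of: unknown | not-in-range | affected | affected-mod_proxy
classify() {
    ver=$(parse_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    key=$(version_key "$ver")
    if [ "$key" -lt "$(version_key "$AFFECTED_MIN")" ] ||
       [ "$key" -gt "$(version_key "$AFFECTED_MAX")" ]; then
        echo not-in-range
    elif has_mod_proxy "$2"; then
        echo affected-mod_proxy   # prioritise: CVE-2021-40438 condition met
    else
        echo affected
    fi
}

# Constructed sample. On a real host use:
#   classify "$(httpd -v)" "$(httpd -M 2>/dev/null)"
SAMPLE_V='Server version: Apache/2.4.46 (Unix)'
SAMPLE_M='Loaded Modules:
 core_module (static)
 proxy_module (shared)'
classify "$SAMPLE_V" "$SAMPLE_M"
```

The result reflects the reported version string only: distribution packages often backport fixes without changing the upstream version number, so confirm against the package vendor's changelog before closing out a host.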

Vulnerability Identifier


Source


Related Link