Skip to main content

Apache HTTP Server Multiple Vulnerabilities

Release Date: 20 Sep 2021 3095 Views

RISK: High Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Multiple vulnerabilities were identified in Apache HTTP Server, a remote attacker could exploit some of these vulnerabilities to trigger denial of service, security restriction bypass, sensitive information disclosure and spoofing on the targeted system.

 

Note:
CVE-2021-40438 is being exploited in the wild.

 

[Updated on 2021-11-30] It was reported by security researcher that exploiting CVE-2021-40438 may trigger remote code execution if "mod-proxy" function is enabled.

 

[Updated on 2021-11-30] The CVE-2021-40438 is being exploited in the wild and the risk level is changed from medium risk to high risk correspondingly.


Impact

  • Denial of Service
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing

System / Technologies affected

  • Apache HTTP Server versions 2.4.17 to 2.4.48

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

 

  • Apache HTTP Server versions 2.4.49

Vulnerability Identifier


Source


Related Link