Apache HTTP Server Multiple Vulnerabilities
RISK: High Risk
TYPE: Servers - Web Servers
Multiple vulnerabilities were identified in Apache HTTP Server. A remote attacker could exploit some of these vulnerabilities to trigger denial of service, security restriction bypass, sensitive information disclosure and spoofing on the targeted system.
CVE-2021-40438 is being exploited in the wild.
[Updated on 2021-11-30] A security researcher reported that exploiting CVE-2021-40438 may trigger remote code execution if the "mod_proxy" function is enabled.
[Updated on 2021-11-30] CVE-2021-40438 is being exploited in the wild, and the risk level has been changed from medium risk to high risk accordingly.
- Denial of Service
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Apache HTTP Server versions 2.4.17 to 2.4.48
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
- Apache HTTP Server version 2.4.49
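A triage check for the affected range and the mod_proxy condition stated above, as an added example that is not part of the original advisory. It parses captured `httpd -v` and `httpd -M` output; the sample output strings, function names and result labels are constructed for illustration.

```python
import re

# Affected range as stated in the advisory: 2.4.17 to 2.4.48 inclusive.
AFFECTED_MIN = (2, 4, 17)
AFFECTED_MAX = (2, 4, 48)

_VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")
_MODULE_RE = re.compile(r"^\s*(\w+)_module\b", re.MULTILINE)

# Constructed sample of `httpd -v` and `httpd -M` output from one host.
SAMPLE_V = "Server version: Apache/2.4.46 (Unix)\nServer built:   Aug  5 2020 10:00:00\n"
SAMPLE_M = ("Loaded Modules:\n core_module (static)\n"
            " proxy_module (shared)\n proxy_http_module (shared)\n")


def parse_version(httpd_v_output):
    """Return (major, minor, patch) from `httpd -v` output, or None."""
    m = _VERSION_RE.search(httpd_v_output)
    return tuple(int(p) for p in m.groups()) if m else None


def loaded_modules(httpd_m_output):
    """Return module names listed by `httpd -M`, without the _module suffix."""
    return set(_MODULE_RE.findall(httpd_m_output))


def triage(httpd_v_output, httpd_m_output):
    """Classify one host against the advisory's affected range."""
    version = parse_version(httpd_v_output)
    if version is None:
        return "unknown"  # banner missing or rewritten: check by hand
    # Tuple comparison is numeric, so 2.4.9 sorts below 2.4.17.
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not-in-range"
    # The advisory ties the CVE-2021-40438 code-execution report to
    # mod_proxy being enabled, so flag those hosts for patching first.
    if "proxy" in loaded_modules(httpd_m_output):
        return "affected-mod_proxy-loaded"
    return "affected"


if __name__ == "__main__":
    print(triage(SAMPLE_V, SAMPLE_M))
```

Distribution packages can carry backported fixes under an unchanged upstream version number, so an in-range result should be confirmed against the package changelog.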