Important security holes are fixed by the Apache HTTP Server

Share This Post

The second flaw can be used to perform server-side request forgery on Apache HTTP Server 2.47 through 2.4.51. The worldwide popularity of the Apache HTTP Server makes vulnerable systems a prime target for hackers, so patching these two vulnerabilities in Apache’s web server is a top priority for website owners.

The Apache Software Foundation has released new updates that fix two bugs that can be exploited by remote attackers to take control of vulnerable systems running on popular web servers. The bugs tracked as CVE-2021-44790 and CVE-2021-44224 have CVSS scores of 9.8 and 8.2 respectively. A more severe bug in Apache’s web server is rated Critical but is classified as Log4Shell with a CVSS score of 10 out of 10. The first flaw is a memory-related buffer overflow that affects Apache HTTP Server 2.4.5.1 and earlier versions.

Highlights

  • possibility of armament
    In a new alert from the Cybersecurity and Infrastructure Security Agency (CISA), US government agencies say a buffer overflow flaw in the Apache web server “could allow a remote attacker to gain control of the affected system” There is a warning. This critical flaw has not been used in a live exploit, but the Apache HTTPD team believes it could be weaponized by an attacker. Therefore, organizations and individuals running Apache HTTP Server should read this announcement and update their software to the latest version as soon as possible to protect against potential attacks that exploit this critical flaw.

Related Posts

After Carvalho refuses to pay a high-tech ransom, the hackers publish the data from the LAUSD

The information was released Saturday, two days before the...

Overall losers result from the US-China technological dispute

No product has played a more important role in...

India’s Reliance Jio will release a budget laptop with 4G for $ 184

Reliance Jio launches USD 184 (INR 15,000) affordable laptop...

Nevada maintains a $ 1 billion gambling winning run

The Nevada Gaming Control Board announced Friday that the...

Malaysians will be transformed by LifeWave’s wearable wellness Technology

LifeWave enters Malaysia through its patented wearable wellness technology,...

Sebi approves the IPO of Pristine Logistics and Deltatech Gaming

Deltatech Gaming Ltd and Pristine Logistics & Infraprojects Ltd...