
Apache HTTP server vulnerabilities

This blog contains information regarding multiple critical vulnerabilities in Apache HTTP server. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.


Information about vulnerabilities


Update October 8, 2021

11:00 | Earlier this week, we informed you about new vulnerabilities in Apache HTTP server. At the time, we advised updating Apache HTTP server systems to the latest version (then 2.4.50). Yesterday evening, Apache advised that the patches did not fully resolve one of the vulnerabilities present (CVE-2021-41773). A new vulnerability was registered as CVE-2021-42013. Therefore, systems running version 2.4.50 are still vulnerable to a path traversal attack.

We advise updating Apache systems running version 2.4.49 or 2.4.50 to the latest version: 2.4.51.

Update October 6, 2021

14:00 | Apache Software Foundation has published information regarding two vulnerabilities in Apache HTTP server. One critical vulnerability has been actively exploited in the wild. Updates have been made available to resolve these vulnerabilities.

Apache has published an overview of the vulnerabilities on their website.


Background

The vulnerabilities are present in Apache web server version 2.4.49. Apache has published updates to resolve these vulnerabilities. Install these updates as soon as possible.

Risk

CVE-2021-41524 allows a remote attacker to perform a denial-of-service attack.

CVE-2021-41773 enables an attacker to map directories and files outside of the expected document root by launching a path traversal attack.

This vulnerability is known to be exploited in the wild.

Advice

Apache has published updates to resolve these vulnerabilities. Install these updates as soon as possible.
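To find the systems this advice applies to, the following added example (not part of the original advisory or of Apache's tooling) triages an inventory of `httpd -v` output or `Server` response headers against the versions and CVEs named in this post, including the 2.4.50 case from the October 8 update. The tab-separated inventory format, the hostnames and the function names are assumptions made for the example.

```python
import re

# Affected releases and CVEs exactly as listed in this advisory.
AFFECTED = {
    (2, 4, 49): ["CVE-2021-41524", "CVE-2021-41773"],
    (2, 4, 50): ["CVE-2021-42013"],
}
FIXED = "2.4.51"  # version the advisory says to update to

# Matches "Apache/2.4.49" in `httpd -v` output or in a Server response header.
BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def triage(banner):
    """Return (status, cves) for one banner string."""
    match = BANNER_RE.search(banner)
    if not match:
        # Version hidden or not Apache: the banner proves nothing, check the host itself.
        return ("unknown", [])
    version = tuple(int(part) for part in match.groups())
    if version in AFFECTED:
        return ("update to " + FIXED, AFFECTED[version])
    return ("not listed as affected", [])


def triage_inventory(text):
    """Parse 'host<TAB>banner' lines (assumed format) into {host: (status, cves)}."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, banner = line.partition("\t")
        results[host] = triage(banner)
    return results


# Constructed sample inventory: hostnames and banners are made up for this example.
SAMPLE = "\n".join([
    "# host\tbanner",
    "web01.example\tServer version: Apache/2.4.49 (Unix)",
    "web02.example\tServer: Apache/2.4.50 (Debian)",
    "web03.example\tServer: Apache/2.4.51 (Unix)",
    "web04.example\tServer: Apache",
])

if __name__ == "__main__":
    for host, (status, cves) in triage_inventory(SAMPLE).items():
        print(f"{host}: {status} {', '.join(cves)}".rstrip())
```

A host reported as `unknown` hides its version in the banner, so run `httpd -v` on the system itself before treating it as unaffected.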
