Critical Security Flaws with Apache HTTP Server Let Hackers Execute Arbitrary Code Remotely

Dec 29, 2021 06:00 am Cyber Security 477
Critical Security Flaws with Apache HTTP Server Let Hackers Execute Arbitrary Code Remotely

An urgent update has been released (Apache HTTP Server 2.4.52) recently by the Apache Software Foundation to resolve critical vulnerabilities in its Apache HTTP Server. 


The discovered vulnerability was marked as critical and it could be exploited by the threat actors to take control of a vulnerable system. 

Apart from this, even CISA, the U.S. government’s security response agency has also requested open-source community users to immediately update their old vulnerable version with the latest one.


Flaws Forced to Release Update


Here we have mentioned the flaws that have forced to release an urgent update with the patch:-


  • CVE ID: CVE-2021-44790

  • Description: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier.

  • Severity: Critical

  • CVSS: 9.8

  • CVE ID: CVE-2021-44224

  • Description: Possible NULL dereference or SSRF in forwarding proxy configurations in Apache HTTP Server 2.4.51 and earlier.

  • Severity: High

  • CVSS: 8.2

    • While the latest GA release of the new generation 2.4.x branch of Apache HTTPD is the newly released version that is Apache HTTP Server 2.4.52, and Apache has recommended all the users to immediately update all the prior versions.


    Here’s what the foundation critical security flaws apache server hackers execute arbitrary remotely

    Read The Rest from the original source
    gbhackers.com

    Related News

    Be in Touch

    All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
    Powered By The Internet!!!!