Critical Apache HTTP Server Flaws Fixed

The Apache Software Foundation has just published a new version of its well-known web server to fix two vulnerabilities that may be exploited by a remote attacker to take control of a vulnerable system. The flaws, CVE-2021-44790 and CVE-2021-44224, have CVSS scores of 9.8 and 8.2, respectively.

Although the more severe of the two vulnerabilities has a critical rating, it ranks below Log4Shell, which rates 10 out of 10 on the CVSS scale. The first problem is a memory-related buffer overflow that affects Apache HTTP Server 2.4.5 and earlier versions, while the second may be used to carry out server-side request forgery in Apache HTTP Server 2.4.7 through 2.4.51.

Because Apache HTTP Server is one of the most widely used web servers on Earth (as stated by IT Pro), vulnerable systems are a favorite target for hackers.

Weaponization is a possibility.

CISA, a branch of the US Department of Homeland Security, has warned that the Apache web server buffer overflow vulnerability may be used by a remote attacker to take control of an affected system. Although this critical flaw has not been utilized in any public attacks, the Apache HTTPD team thinks it might be weaponized by an attacker.

As a consequence, organizations and users that run Apache HTTP Server should upgrade the software to the most recent version as soon as possible to avoid being targeted by attacks based on this critical vulnerability.