An overview of the KeyHelp administration tool from Keyweb AG, along with its download, is available at https://www.keyhelp.de

This forum is intended to let interested users discuss KeyHelp and find help with problems.

Apache HTTP Server devs issue fix for critical data leak vulnerability

General discussion and questions about KeyHelp
Tony20
Posts: 30
Registered: Tue 7 Apr 2020, 19:21

Apache HTTP Server devs issue fix for critical data leak vulnerability

Post by Tony20 »

Web admins are urged to protect against a high-impact path traversal vulnerability in the latest version of Apache Server that is being exploited in the wild.

As previously reported by The Daily Swig, the September update to Apache HTTP Server 2.4 fixed a number of issues, including server-side request forgery (SSRF) and request smuggling bugs.



https://portswigger.net/daily-swig/apac ... update-now
Alexander
Keyweb AG
Posts: 2137
Registered: Wed 20 Jan 2016, 02:23

Re: Apache HTTP Server devs issue fix for critical data leak vulnerability

Post by Alexander »

Thanks for the note, but KeyHelp Servers are not affected.

The affected version is 2.4.49.

The latest Apache version for the latest Debian 11 is 2.4.48 and for Ubuntu 20 it is 2.4.41.
(Older OS versions use older Apache versions).

As a side note, always keep the maintenance interval "Update server services" enabled ("KeyHelp Admin Area" -> "Settings" -> "Maintenance Intervals") and you are protected against such vulnerabilities, as all available updates get automatically applied.
Best regards
Alexander Mahr

**************************************************************
Keyweb AG - The Hosting Brand
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
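
The version comparison made in the reply above, as an added example (not part of the original posts and not KeyHelp code): a shell script that reads the `Server version:` line printed by `apache2 -v` or `httpd -v` and flags the 2.4.49 release named in the thread. The function names, the result labels and the banner strings used to exercise them are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the local Apache release against the one named
# in the thread (2.4.49). Function names are hypothetical.

# Extract the dotted version from a banner such as
# "Server version: Apache/2.4.48 (Debian)". Prints nothing if the
# banner has no such line (e.g. binary missing or output changed).
apache_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' |
        head -n 1
}

# Classify a version string. Only 2.4.49 is reported as affected,
# because that is the only release the thread names.
classify_apache_version() {
    case "$1" in
        2.4.49) echo "affected" ;;
        '')     echo "unknown" ;;
        *)      echo "not-2.4.49" ;;
    esac
}

# Query whichever Apache binary is installed (Debian/Ubuntu ship
# "apache2", other systems "httpd") and print one result line.
check_local_apache() {
    for bin in apache2 httpd; do
        command -v "$bin" >/dev/null 2>&1 || continue
        banner=$("$bin" -v 2>/dev/null) || continue
        ver=$(apache_version_from_banner "$banner")
        echo "$bin ${ver:-?}: $(classify_apache_version "$ver")"
        return 0
    done
    echo "no apache2/httpd binary found: unknown"
}

check_local_apache
```

An `unknown` result means the banner could not be read and the installed package version should be checked by hand.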