
Apache HTTP Server devs issue fix for critical data leak vulnerability

Posted: Wed 6. Oct 2021, 06:26
by Tony20
Web admins are urged to protect against a high-impact path traversal vulnerability in the latest version of Apache Server that is being exploited in the wild.

As previously reported by The Daily Swig, the September update to Apache HTTP Server 2.4 fixed a number of issues, including server-side request forgery (SSRF) and request smuggling bugs.



https://portswigger.net/daily-swig/apac ... update-now

Re: Apache HTTP Server devs issue fix for critical data leak vulnerability

Posted: Wed 6. Oct 2021, 08:41
by Alexander
Thanks for the note, but KeyHelp Servers are not affected.

The affected version is 2.4.49.

The latest Apache version for the latest Debian 11 is 2.4.48 and for Ubuntu 20 it is 2.4.41.
(Older OS versions use older Apache versions).

As a side note, always keep the maintenance interval "Update server services" enabled ("KeyHelp Admin Area" -> "Settings" -> "Maintenance Intervals") and you are protected against such vulnerabilities, as all available updates get automatically applied.