Web admins are urged to protect against a high-impact path traversal vulnerability in the latest version of Apache Server that is being exploited in the wild.
As previously reported by The Daily Swig, the September update to Apache HTTP Server 2.4 fixed a number of issues, including server-side request forgery (SSRF) and request smuggling bugs.
https://portswigger.net/daily-swig/apac ... update-now
Apache HTTP Server devs issue fix for critical data leak vulnerability
Re: Apache HTTP Server devs issue fix for critical data leak vulnerability
Thanks for the note, but KeyHelp Servers are not affected.
The affected version is 2.4.49.
The latest Apache version for the latest Debian 11 is 2.4.48 and for Ubuntu 20 it is 2.4.41.
(Older OS versions use older Apache versions).
As a side note, always keep the maintenance interval "Update server services" enabled ("KeyHelp Admin Area" -> "Settings" -> "Maintenance Intervals") and you are protected against such vulnerabilities, as all available updates get automatically applied.
Mit freundlichen Grüßen / Best regards
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************