Apache HTTP Server devs issue fix for critical data leak vulnerability

Tony20
Posts: 45
Joined: Tue 7. Apr 2020, 19:21

Post by Tony20 »

Web admins are urged to protect against a high-impact path traversal vulnerability in the latest version of Apache Server that is being exploited in the wild.

As previously reported by The Daily Swig, the September update to Apache HTTP Server 2.4 fixed a number of issues, including server-side request forgery (SSRF) and request smuggling bugs.



https://portswigger.net/daily-swig/apac ... update-now
Alexander
Keyweb AG
Posts: 3814
Joined: Wed 20. Jan 2016, 02:23

Re: Apache HTTP Server devs issue fix for critical data leak vulnerability

Post by Alexander »

Thanks for the note, but KeyHelp Servers are not affected.

The affected version is 2.4.49.

The latest Apache version for the latest Debian 11 is 2.4.48, and for Ubuntu 20 it is 2.4.41.
(Older OS versions use older Apache versions).

As a side note, always keep the maintenance interval "Update server services" enabled ("KeyHelp Admin Area" -> "Settings" -> "Maintenance Intervals") and you are protected against such vulnerabilities, as all available updates get automatically applied.
Best regards
Alexander Mahr

**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************