Patch now! Attacks on Apache HTTP Server spotted

Admins of Apache HTTP servers should act now and bring their systems up to date. Security researchers are currently observing attacks on vulnerable servers.

The vulnerability (CVE-2021-40438) is rated “critical”. According to a warning from Apache, remote attackers could exploit the weak point in mod_proxy without authentication by sending prepared HTTP requests, causing the server to forward requests to any server (Server-Side Request Forgery, SSRF).

Apache HTTP Server 2.4.17 up to and including 2.4.48 is reported to be affected. Versions from 2.4.49 onward are reported to be protected against such attacks. The secured release has been available since mid-September 2021. Security researchers from Rapid7, among others, have observed the current attacks. The Federal Office for Information Security (BSI) issued IT threat level 2 / yellow for this security problem at the end of November 2021.

According to Rapid7, there is currently no evidence of widespread attacks. However, since countless Apache-based web servers are running around the world, it stands to reason that the volume of attacks will increase. The security researchers claim to have found over 4 million potentially vulnerable servers.
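A first-pass inventory check against the version range given above, as an added example that is not part of the original article: it classifies `Server:` headers or `httpd -v` output collected from your own hosts. The host names and banner strings are constructed sample data, and the function names are hypothetical.

```python
import re

# Range stated in the article: 2.4.17 up to and including 2.4.48 affected,
# 2.4.49 and later fixed.
FIRST_AFFECTED = (2, 4, 17)
FIRST_FIXED = (2, 4, 49)

# Matches "Apache/2.4.46" in both `Server:` headers and `httpd -v` output.
_VERSION_RE = re.compile(r"\bApache/(\d+)\.(\d+)\.(\d+)\b")


def classify(banner: str) -> str:
    """Return 'affected', 'outside-range' or 'unknown' for one banner string."""
    match = _VERSION_RE.search(banner)
    if match is None:
        # Version hidden (e.g. a bare "Server: Apache") or not Apache at all:
        # the banner alone cannot settle it, so flag the host for a manual check.
        return "unknown"
    version = tuple(int(part) for part in match.groups())
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "affected"
    return "outside-range"


def triage(inventory: dict) -> dict:
    """Group host names by classification, sorted for stable reporting."""
    result = {"affected": [], "outside-range": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        result[classify(banner)].append(host)
    return result


# Constructed sample inventory (host -> collected banner), not real data.
SAMPLE = {
    "web01.example.internal": "Server version: Apache/2.4.46 (Unix)",
    "web02.example.internal": "Server: Apache/2.4.51 (Debian)",
    "web03.example.internal": "Server: Apache",
    "web04.example.internal": "Server: Apache/2.4.17",
    "web05.example.internal": "Server: Apache/2.4.10 (Debian)",
    "web06.example.internal": "Server: nginx/1.20.1",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Treat an "affected" result as a prompt to check the installed package, since distributions often backport fixes without changing the upstream version number, and the flaw only matters on hosts where mod_proxy is in use.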

