Apache has put out an update to fix the two bugs in HTTPD, which is a web server that’s right up there with Log4j in its ubiquity.
Apache is the open-source software foundation behind the Log4J logging library that’s been making for so many Log4Shell headlines. Both vulnerabilities are found in Apache HTTP Server 2.4.51 and earlier.
Although technical details are known, there’s no available exploit – at least, not yet. The vulnerability’s structure had suggested that an exploit would fetch between $5,000 and $25,000, VulDB estimated. Sophos principal security researcher Paul Ducklin said that the two bugs could leave servers at risk of some serious hurt.
Read more: Threatpost
For more such updates follow us on Google News ITsecuritywire News