The Apache HTTP Server 2.4.52 is listed as urgent and the U.S. government’s security response agency CISA is urging users of the open-source cross-platform web server software to “update as soon as possible.”
The patch provides cover for two documented security vulnerabilities CVE-2021-44790 and CVE-2021-44224 one of which may allow a remote attacker to take control of an affected system.
The open-source group also documented CVE-2021-44224, a “moderate-risk” NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier. Security flaws in the Apache HTTP Server have been identified in the “known exploited vulnerabilities catalog” maintained by CISA.
Read more: Securityweek
For more such updates follow us on Google News ITsecuritywire News