High Threat Security Alert (A21-10-03): Multiple Vulnerabilities in Apache HTTP Server
06 October 2021
The Apache Software Foundation released a security update to address multiple vulnerabilities in the HTTP Server and its modules. The issues affect only Apache 2.4.49 and not earlier versions. A remote attacker could exploit the vulnerabilities by sending a specially crafted request to the affected systems.
Reports indicate that the vulnerability (CVE-2021-41773) is being exploited in the wild. You are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Apache HTTP Server version 2.4.49
Depending on the vulnerability exploited, a successful exploitation could lead to denial of service, information disclosure or security restriction bypass on an affected system.
The Apache Software Foundation has released new version of the product to address the issues and they can be downloaded at the following URL: