Security Alert (A20-08-04): Multiple Vulnerabilities in Apache HTTP Server


 

Published on: 17 August 2020

  
  

Description:

The Apache Software Foundation released a security update to address multiple vulnerabilities in the HTTP Server and its modules, including mod_proxy_uwsgi and mod_http2.  A remote attacker could exploit the vulnerabilities by sending a specially crafted request to the affected systems.

 

Affected Systems:

  •  Apache versions 2.4.20 to 2.4.43

 

Impact:

Depending on the vulnerability exploited, a successful exploitation could lead to remote code execution, information disclosure or denial of service on an affected system.

 

Recommendation:

The Apache Software Foundation has released new version of the product to address the issues and they can be downloaded at the following URL:

https://httpd.apache.org/download.cgi#apache24

 

More Information:

https://httpd.apache.org/security/vulnerabilities_24.html#2.4.44
https://www.hkcert.org/my_url/en/alert/20081101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984

 



Tag: Apache , Apache HTTP Server
Tags