
ACSC issues critical alert for Apache HTTP server

The Australian Cyber Security Centre has issued a critical alert for the Apache HTTP server, one of Australia’s most widely utilised web servers.

Fri, 08 Oct 2021

The Australian Cyber Security Centre (ACSC) has issued a critical alert for Apache HTTP Server 2.4.49, with the watchdog warning users that Apache HTTP Server is one of Australia’s most widely used web servers on Unix and Microsoft systems.

According to the ACSC, the flaw is expected to allow criminals to remotely run arbitrary code, which could install malware on the device, or to access files from “outside of the web server root”.

Media outlet Threatpost reported that 112,000 servers are still running the exploitable version of Apache.


The vulnerability is expected to let threat actors run code that they can then use to leverage further vectors and sustain continued attacks.

According to Apache, the vulnerability was present within the 2.4.49 update.

“It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives,” Apache said on its website.

“If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution.”

The ACSC has recommended that users immediately apply the updated Apache HTTP Server patch.
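
For administrators checking their own servers, the following added example (not code from the ACSC, Apache or this article) audits a configuration for the two conditions Apache describes: a filesystem root not covered by "require all denied", and CGI being enabled. The function name, the finding messages and both sample configurations are constructed for illustration.

```python
import re

# Versions the article names: 2.4.49, and 2.4.50 whose fix was insufficient.
AFFECTED = {"2.4.49", "2.4.50"}

def audit(conf_text, version):
    """Return findings for one Apache config (text) and version string."""
    findings = []
    if version in AFFECTED:
        findings.append(f"version {version} is named in the advisory")
    root_rules, in_root, cgi = [], False, False
    for raw in conf_text.splitlines():
        low = " ".join(raw.split()).lower()   # normalise spacing and case
        if not low or low.startswith("#"):
            continue
        m = re.match(r'<directory\s+"?([^">]+)"?\s*>', low)
        if m:
            in_root = m.group(1).strip() == "/"   # the filesystem-root block
        elif low.startswith("</directory"):
            in_root = False
        elif in_root and low.startswith("require "):
            root_rules.append(low)
        # CGI counts as enabled if a ScriptAlias exists or ExecCGI is switched on.
        if low.startswith("scriptalias") or re.search(r"\boptions\b.*(?<!-)execcgi", low):
            cgi = True
    if "require all denied" not in root_rules:
        findings.append("filesystem root lacks 'Require all denied'")
    if cgi:
        findings.append("CGI enabled: traversal could become code execution")
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK = """
<Directory />
    AllowOverride none
    Require all granted
</Directory>
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
"""
HARDENED = """
<Directory />
    AllowOverride none
    Require all denied
</Directory>
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf, "2.4.49"))
```

The scan reads a single file line by line and does not follow Include directives, so run it over each configuration file the server loads.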
