Google Researcher Reported 3 Flaws in Apache Web Server Software

apache web server security

If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.

Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to cause a crash and denial of service.

The flaws, tracked as CVE-2020-9490, CVE-2020-11984, CVE-2020-11993, were uncovered by Felix Wilhelm of Google Project Zero, and have since been addressed by the Apache Foundation in the latest version of the software (2.4.46).

cybersecurity

The first of the three issues involve a possible remote code execution vulnerability due to a buffer overflow with the “mod_uwsgi” module (CVE-2020-11984), potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server.

“[A] Malicious request may result in information disclosure or [remote code execution] of an existing file on the server running under a malicious process environment,” Apache noted.

A second flaw concerns a vulnerability that’s…

http://feedproxy.google.com/~r/TheHackersNews/~3/cYGctiJhlX8/apache-webserver-security.html

Have a comment? Type it below!