Patch 'Immediately': Apache Issues Software Fix Amid Zero-Day Attacks
CISA reports it's seeing ongoing scanning for the flaws and expects the activity to accelerate.
The Apache HTTP Server Project yesterday issued a new update to its server software to fix two flaws being exploited in the wild.
CISA, meanwhile, urged organizations to "patch immediately" ahead of the holiday weekend, as the agency expects the active ongoing scanning for the flaws it's seeing on the Internet to increase.
"CISA is also seeing ongoing scanning of vulnerable systems, which is expected to accelerate, likely leading to exploitation. CISA urges organizations to patch immediately if they haven’t already—this cannot wait until after the holiday weekend," the agency said in an advisory.
The new HTTP Server Version 2.4.51 addresses a path traversal flaw (CVE-2021-41773) and a remote code execution flaw (CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50.
It's been a tough month for Apache software, as researchers earlier this week reported they had seen misconfigured implementations of the Apache Airflow workflow platform exposing credentials and other sensitive data to the Internet.
Read more here.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024