Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Patch 'Immediately': Apache Issues Software Fix Amid Zero-Day AttacksPatch 'Immediately': Apache Issues Software Fix Amid Zero-Day Attacks
CISA reports it's seeing ongoing scanning for the flaws and expects the activity to accelerate.
1 Min Read
The Apache HTTP Server Project yesterday issued a new update to its server software to fix two flaws being exploited in the wild.
CISA, meanwhile, urged organizations to "patch immediately" ahead of the holiday weekend, as the agency expects the active ongoing scanning for the flaws it's seeing on the Internet to increase.
"CISA is also seeing ongoing scanning of vulnerable systems, which is expected to accelerate, likely leading to exploitation. CISA urges organizations to patch immediately if they haven’t already—this cannot wait until after the holiday weekend," the agency said in an advisory.
The new HTTP Server Version 2.4.51 addresses a path traversal flaw (CVE-2021-41773) and a remote code execution flaw (CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50.
It's been a tough month for Apache software, as researchers earlier this week reported they had seen misconfigured implementations of the Apache Airflow workflow platform exposing credentials and other sensitive data to the Internet.
Read more here.
About the Author
You May Also Like
More Insights
Webinars
Uncovering Threats to Your Mainframe & How to Keep Host Access Secure
Feb 13, 2025Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025
