Patch 'Immediately': Apache Issues Software Fix Amid Zero-Day Attacks

CISA reports it's seeing ongoing scanning for the flaws and expects the activity to accelerate.

Dark Reading Staff, Dark Reading

October 8, 2021

1 Min Read
Dark Reading logo in a gray background | Dark Reading

The Apache HTTP Server Project yesterday issued a new update to its server software to fix two flaws being exploited in the wild.

CISA, meanwhile, urged organizations to "patch immediately" ahead of the holiday weekend, as the agency expects the active ongoing scanning for the flaws it's seeing on the Internet to increase.

"CISA is also seeing ongoing scanning of vulnerable systems, which is expected to accelerate, likely leading to exploitation. CISA urges organizations to patch immediately if they haven’t already—this cannot wait until after the holiday weekend," the agency said in an advisory.

The new HTTP Server Version 2.4.51 addresses a path traversal flaw (CVE-2021-41773) and a remote code execution flaw (CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50. 

It's been a tough month for Apache software, as researchers earlier this week reported they had seen misconfigured implementations of the Apache Airflow workflow platform exposing credentials and other sensitive data to the Internet. 

Read more here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights