Threat Response- UPDATE: Vulnerability in Apache HTTP Server 2.4.49/2.4.50

08-10-2021

A SAFE DIGITAL JOURNEY

Last Wednesday, 6 October, we informed you via a Threat Response about a vulnerability in Apache HTTP Server. By now, more information has become available that we want to share with you. vThe Apache Software Foundation has announced that the previously released patch does not work under certain circumstances [1]. Therefore, to mitigate this vulnerability updating to Apache HTTP Server 2.4.50 is not sufficient. Instead, users should update to version 2.4.51 to mitigate the vulnerability.

Impact

The impact remains unchanged and is classified as high.

Risk

The risk remains unchanged and is classified as high.

Mitigation

To mitigate this vulnerability, it is necessary to upgrade Apache HTTP Server to version 2.4.51.

What will Northwave do?

This vulnerability is covered within the Northwave Vulnerability Management service. Customers of this service will be notified in case a vulnerable system is detected in their infrastructure.

Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises we will reach out to you. If you need additional information you can call us by phone or send us an email.

E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85 043 7909 or 0800-1744 (alleen vanuit Nederland)

Disclaimer applies, see below.

Sources

[1]: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013

 

Disclaimer
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.