Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Apache httpd 2.4.50/51 post mortem |
|
Author |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3095 Location: Hilversum, NL, EU
|
Posted: Fri 08 Oct '21 18:35 Post subject: Apache httpd 2.4.50/51 post mortem |
|
|
Stefan explains in his blog what the issue really was and why you, most likely, were not affected.
With Apache 2.4.50 the team fixed CVE-2021-41773, a critical security flaw that allowed under certain conditions an outside to access files on your server outside of the configured document roots.
This fix was corrected for the issue reported, but it did not close the weakness completely, as was discovered soon thereafter by people in the security community. Indeed, the weakness was worse than originally thought. But it also affected way less installations than was communicated in the media.
Read more..... https://github.com/icing/blog/blob/main/httpd-2.4.50.md
Thanks! Stefan |
|
Back to top |
|
|
|
|
|
|