CISA releases advisory on five Apache HTTP server vulnerabilities affecting Cisco products

LASER_oneXM

Level 37
Thread author
Verified
Top poster
Well-known
Feb 4, 2016
2,507
The government agency urged administrators to review Cisco's advisory and apply the necessary updates.

CISA has released a second advisory about several Apache HTTP server vulnerabilities. In November, Cisco sent out a notice about the vulnerabilities, explaining that the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases on September 16.

The IDs are CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438.

Cisco noted that one of the vulnerabilities in the mod_proxy module of Apache HTTP Server (httpd) could allow an unauthenticated, remote attacker to make the httpd server forward requests to an arbitrary server.
 
  • +Reputation
Reactions: upnorth