CISA releases advisory on five Apache HTTP server vulnerabilities affecting Cisco products


Level 37
Thread author
Top poster
Feb 4, 2016
The government agency urged administrators to review Cisco's advisory and apply the necessary updates.

CISA has released a second advisory about several Apache HTTP server vulnerabilities. In November, Cisco sent out a notice about the vulnerabilities, explaining that the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases on September 16.

The IDs are CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438.

Cisco noted that one of the vulnerabilities in the mod_proxy module of Apache HTTP Server (httpd) could allow an unauthenticated, remote attacker to make the httpd server forward requests to an arbitrary server.
  • +Reputation
Reactions: upnorth