The government agency urged administrators to review Cisco's advisory and apply the necessary updates.
CISA has
released a second advisory about several Apache HTTP server vulnerabilities. In November, Cisco
sent out a notice about the vulnerabilities, explaining that the Apache Software Foundation
disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases on September 16.
The IDs are CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438.
Cisco noted that one of the vulnerabilities in the mod_proxy module of Apache HTTP Server (httpd) could allow an unauthenticated, remote attacker to make the httpd server forward requests to an arbitrary server.