Synthesis
Several security vulnerabilities, including 3 of “critical” severity and 2 of “high” severity, have been detected in Apache HTTP Server, the well-known open source web server developed by the Apache Software Foundation.
Risk
Estimated impact of the vulnerabilities on the reference community: HIGH/ORANGE (66.4/100)¹.
Type
- Arbitrary Code Execution
- Denial of Service
- Information Disclosure
- Security Restrictions Bypass
Affected products and versions
Apache HTTP Server 2.4.x, versions prior to 2.4.60
Mitigation actions
In line with the vendor’s statements, it is recommended to update vulnerable products following the guidance in the security bulletin listed in the References section.
Unique vulnerability identifiers
Only the CVEs for vulnerabilities with “critical” and “high” severity are listed below:
References
https://httpd.apache.org/security/vulnerabilities_24.html
¹ This estimate takes into account various parameters, including: CVSS, availability of patches/workarounds and PoC, and prevalence of the affected software/devices in the reference community.