The Apache HTTP Server Project yesterday issued a new update to its server software to fix two flaws being exploited in the wild.
CISA, meanwhile, urged organizations to “patch immediately” ahead of the holiday weekend, as the agency expects the Internet scanning for the flaws that it is already observing to increase.
“CISA is also seeing ongoing scanning of vulnerable systems, which is expected to accelerate, likely leading to exploitation. CISA urges organizations to patch immediately if they haven’t already—this cannot wait until after the holiday weekend,” the agency said in an advisory.
The new HTTP Server Version 2.4.51 addresses a path traversal flaw (CVE-2021-41773) and a remote code execution flaw (CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50.
It’s been a tough month for Apache software, as researchers earlier this week reported they had seen misconfigured implementations of the Apache Airflow workflow platform exposing credentials and other sensitive data to the Internet.