Topic: Apache httpd 2.4.50/51 post mortem
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2880
Location: Hilversum, NL, EU

Posted: Fri 08 Oct '21 18:35    Post subject: Apache httpd 2.4.50/51 post mortem

Stefan explains in his blog what the issue really was and why you, most likely, were not affected.

With Apache 2.4.50 the team fixed CVE-2021-41773, a critical security flaw that allowed, under certain conditions, an outsider to access files on your server outside of the configured document roots.

This fix was correct for the issue reported, but it did not close the weakness completely, as was discovered soon thereafter by people in the security community. Indeed, the weakness was worse than originally thought. But it also affected way fewer installations than was communicated in the media.

Read more..... https://github.com/icing/blog/blob/main/httpd-2.4.50.md

Thanks! Stefan