There are many occasions in which vulnerabilities can arise that put our security and privacy at risk. It can affect all types of devices and systems that we use. That is why we must always be alert and have the latest versions to correct this problem. In this article we report on a series of bugs that affect Apache servers .
Three security flaws put Apache servers at risk
Apache servers are very popular. They are open source HTTP servers that are available for multiple platforms. This makes many users opt for this option. Today we echo a total of three vulnerabilities that put security at risk and that need to be corrected.
A Google security researcher, Felix Wilhelm, has alerted to a total of three security flaws affecting Apache servers. These vulnerabilities have been registered as CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993.
The first of those failures could be a buffer overflow . This could potentially allow an attacker to view, change, or delete sensitive data based on the privileges associated with an application running on the server. This could lead to information leakage, for example.
A second security flaw is triggered when debugging is enabled in the “mod_http2” module. This would cause log statements to be made on the wrong connection and thus memory corruption due to concurrent use of the log pool.
Last, and most important of the three, it also resides in the HTTP / 2 module and uses a specially designed ‘Cache-Digest’ header to cause memory corruption leading to a crash and denial of service.
Fixed vulnerabilities
Keep in mind that Apache has fixed these vulnerabilities in their web server software that could potentially have led to the execution of arbitrary code. These flaws, as we have seen, could even allow attackers to cause a crash and denial of service.
It is very important that users using Apache servers have their software updated to the latest version 2.4.46. As we always say, there are many occasions in which vulnerabilities arise that can put the security of our equipment and systems at risk. Luckily, the developers themselves release updates and patches that can mean the end of those problems that could be executed by hackers.
We must therefore keep our systems with the latest versions. In the case of Apache, we must have the software updated to version 2.4.46 . Only then will we avoid running the risk of suffering from any of the three vulnerabilities that we have mentioned.
We leave you an article with tips on maintaining security on web servers. In these cases, avoiding risks that could compromise our data and put privacy at risk is essential and we must take measures before it can affect us.
