Apache has released a new HTTP Server version to address two security flaws; CVE-2023-25690 and CVE-2023-27522. The vulnerabilities may allow an attacker to perform HTTP smuggling attacks on a vulnerable server. On successful exploitation, these vulnerabilities could result in information disclosure and enable attackers to execute further attacks. The Apache HTTP Server, also called … Continue reading “Apache Patches HTTP Request Splitting Vulnerabilities in its HTTP Server (CVE-2023-25690 and CVE-2023-27522)”
Tag: apache HTTP Server
Apache Releases Security Update for HTTP Server 2.4 to Address Two Vulnerabilities (CVE-2021-44790 & CVE-2021-44224)
Apache, the open-source software foundation behind the Log4j logging library that has been the subject of so many Log4Shell headlines, released an update to correct two vulnerabilities in HTTPD, a web server that ranks right up there with Log4j in terms of ubiquity. These recently discovered vulnerabilities (CVE-2021-44790 & CVE-2021-44224) allow attackers to cause a … Continue reading “Apache Releases Security Update for HTTP Server 2.4 to Address Two Vulnerabilities (CVE-2021-44790 & CVE-2021-44224)”