Apache releases new security patch for HTTP server


New Delhi, Dec 23 (IANS): The Apache Software Foundation has released a patch to fix a critical flaw in its hugely popular web server that allows remote attackers to take control of a vulnerable system.

A fix has been issued for a critical flaw in Apache HTTP Server, the world's second-most widely used web server.

The first Apache web server flaw is a memory-related buffer overflow affecting Apache HTTP Server 2.4.51 and earlier.

The Cybersecurity and Infrastructure Security Agency (CISA) has warned it "may allow a remote attacker to take control of an affected system".

The Apache Software Foundation has released three updates in the past week in the wake of the widespread 'Log4Shell' vulnerability in Log4j version 2 branch.

As the world scrambles to plug serious security bugs that can derail the Internet for millions, Google has said that more than 35,000 Java packages, amounting to over 8 per cent of the Maven Central repository (the most significant Java package repository), have been impacted by the recently disclosed vulnerabilities with widespread fallout across the software industry.

Cyber criminals are making thousands of attempts to exploit a second vulnerability involving a Java logging system called 'Apache log4j2'.

Cybersecurity firms have found that major ransomware groups like Conti are exploring ways to take advantage of the vulnerability.

They warned that hackers were making over 100 attempts every minute to exploit a critical security vulnerability in the widely-used Java logging system called 'Apache log4j2', leaving millions of companies globally at cyber theft risk.

Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare and Minecraft, are vulnerable to this 'ubiquitous' zero-day exploit, now dubbed as one of the most serious vulnerabilities on the Internet in recent years.

 

  

Top Stories


Leave a Comment

Title: Apache releases new security patch for HTTP server



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.