Greetings,
I was just provided with a Vulnerability report by my organization. It shows that Apache version 2.4.59 contains several severe vulnerabilities (see below). Will there be a add-on for 2.4.60 in the near future so that I can update our server? Thank you in advance.
Vulnerability Insight
The following ?aws exist:
- CVE-2024-36387: Denial of Service (DoS) by Null pointer in websocket over HTTP/2
- CVE-2024-38472: Windows UNC Server-Side Request Forgery (SSRF)
- CVE-2024-38473: Proxy encoding problem
- CVE-2024-38474: Weakness with encoded question marks in backreferences
- CVE-2024-38475: Weakness in mod_rewrite when first segment of substitution matches ?lesys?tem path
- CVE-2024-38476: May use exploitable/malicious backend application output to run local han?dlers via internal redirect
- CVE-2024-38477: Crash resulting in DoS in mod_proxy via a malicious request
- CVE-2024-39573: mod_rewrite proxy handler substitution
I was just provided with a Vulnerability report by my organization. It shows that Apache version 2.4.59 contains several severe vulnerabilities (see below). Will there be a add-on for 2.4.60 in the near future so that I can update our server? Thank you in advance.
Vulnerability Insight
The following ?aws exist:
- CVE-2024-36387: Denial of Service (DoS) by Null pointer in websocket over HTTP/2
- CVE-2024-38472: Windows UNC Server-Side Request Forgery (SSRF)
- CVE-2024-38473: Proxy encoding problem
- CVE-2024-38474: Weakness with encoded question marks in backreferences
- CVE-2024-38475: Weakness in mod_rewrite when first segment of substitution matches ?lesys?tem path
- CVE-2024-38476: May use exploitable/malicious backend application output to run local han?dlers via internal redirect
- CVE-2024-38477: Crash resulting in DoS in mod_proxy via a malicious request
- CVE-2024-39573: mod_rewrite proxy handler substitution