High Performance Intercloud - Hokkaido University Information Initiative Center

HOKKAIDO UNIVERSITY
NEWS
HOME >

NEWS

> [Caution] Vulnerability in Apache HTTP Web Server 2.4

JPCERT Coordination Center (JPCERT / CC) is calling for attention that multiple vulnerabilities have been discovered in Apache HTTP Web Server 2.4.

Please consider updating as soon as possible if you are using an Apache HTTP Web Server on a cloud server.

These vulnerabilities may cause:
・ Falsification
・ Redirect to malicious web pages
・ Information leak
・ Damper of service operation (DoS) attack

Please check the following page for details.
https://jvn.jp/vu/JVNVU98790275/
https://httpd.apache.org/security/vulnerabilities_24.html

Affected versions:
* Apache HTTP Web Server version prior to 2.4.41

Note that you can check the version you are currently using with commands such as:
‘httpd -v’ or ‘apachectl -v’

* Depending on the OS, these commands may show the old version number, so please update the OS to the latest state using a command such as ‘yum update’ or ‘apt-get update / apt-get upgrade’.
* Please update the OS carefully because there is a possibility that the system may malfunction.