AIX Open Source

AIX Open Source

Share your experiences and connect with fellow developers to discover how to build and manage open source software for the AIX operating system

 View Only
Back to Library

httpd 2.4.49 or greater - needed to address CVE-2021-40438 

Fri October 01, 2021 10:14 AM

Tenable is reporting the version of Apache httpd installed on the remote host is prior to 2.4.49. It is, therefore, affected by a vulnerability as referenced in the 2.4.49 changelog. - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. (CVE-2021-40438).

Please update httpd to 2.4.49 or greater to fix this high vulnerability.

Statistics
0 Favorited
10 Views
0 Files
0 Shares
0 Downloads

Comments

Alexander Glaser
Wed October 27, 2021 03:11 AM

Same thing, we need a new build >2.4.49 with the security fix. can we hope  ?
Thank you very much !

Hans-Peter G.
Mon October 25, 2021 09:45 AM

Same topic with us. Tenable reports a critical security issue with httpd < 2.4.49. Current version @Apache is 2.4.51. Could you please provide that RPM?

Thanks.​