Open Source Development

Back to Library

httpd 2.4.49 or greater - needed to address CVE-2021-40438 

Fri October 01, 2021 10:14 AM

Tenable is reporting the version of Apache httpd installed on the remote host is prior to 2.4.49. It is, therefore, affected by a vulnerability as referenced in the 2.4.49 changelog. - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. (CVE-2021-40438).

Please update httpd to 2.4.49 or greater to fix this high vulnerability.
#AIXOpenSource

Statistics
0 Favorited
10 Views
0 Files
0 Shares
0 Downloads

Comments

Alexander Glaser
Wed October 27, 2021 03:11 AM

Same thing, we need a new build >2.4.49 with the security fix. can we hope  ?
Thank you very much !

Hans-Peter G.
Mon October 25, 2021 09:45 AM

Same topic with us. Tenable reports a critical security issue with httpd < 2.4.49. Current version @Apache is 2.4.51. Could you please provide that RPM?

Thanks.​