Recently, the National Information Security Vulnerability Database (CNNVD) received a report of a code-level vulnerability in Apache HTTP Server (CNNVD-202109-1094, CVE-2021-40438). An attacker who successfully exploits the vulnerability can construct malicious data to conduct SSRF attacks against the target server. Apache HTTP Server versions 2.4.48 and below are affected by this vulnerability. Apache has officially released a version update that fixes it. Users are advised to confirm their product version promptly and apply the patch as soon as possible.
1. Vulnerability introduction
Apache HTTP Server is an open-source web server from the Apache Foundation in the United States. The server is fast, reliable and extensible through a simple API.
Apache HTTP Server contains a code-level vulnerability caused by insufficient validation of user-supplied input. An attacker can construct malicious data to carry out SSRF attacks against the target server. The vulnerability can serve as a springboard into the intranet of the target server: it allows port scanning of the intranet where the server is located, attacks on applications running on the intranet, and downloading of intranet resources.
2. Impact
An attacker who successfully exploits the vulnerability can construct malicious data to remotely attack the target server. Apache HTTP Server versions 2.4.48 and below are affected by this vulnerability.
3. Remediation advice
Apache has officially released a version update that fixes the vulnerability. Users are advised to confirm their product version promptly and apply the patch as soon as possible. The official Apache update link is as follows:
https://httpd.apache.org/download.cgi
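The advisory's only remediation is to confirm the installed version and upgrade. The following POSIX shell script is an added example (not part of the CNNVD advisory or of the Apache project) that reads the `httpd -v` / `apache2 -v` banner, parses the version number and reports whether it falls inside the affected range the advisory gives (2.4.48 and below). The `SAMPLE_HTTPD_V` banner is a constructed sample used only when no Apache binary is installed; the function names `extract_version`, `is_affected` and `classify` are this example's own.

```shell
#!/bin/sh
# Added example: classify a local Apache HTTP Server install against the
# affected range stated in the advisory for CVE-2021-40438 (<= 2.4.48).

# Constructed sample of `httpd -v` output, used when no binary is present.
SAMPLE_HTTPD_V='Server version: Apache/2.4.48 (Unix)
Server built:   Jun  1 2021 12:00:00'

# Print the "X.Y.Z" version found in `httpd -v` style output (empty if none).
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^Server version: Apache\/\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 (true) when version $1 is 2.4.48 or below, 1 otherwise.
# Compares major, minor and patch numerically; missing components count as 0.
is_affected() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -lt 2 ]; then return 0; fi
    if [ "$major" -gt 2 ]; then return 1; fi
    if [ "$minor" -lt 4 ]; then return 0; fi
    if [ "$minor" -gt 4 ]; then return 1; fi
    [ "$patch" -le 48 ]
}

# Print "affected X.Y.Z", "fixed X.Y.Z" or "unknown" for a version banner.
classify() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
    elif is_affected "$ver"; then
        echo "affected $ver"
    else
        echo "fixed $ver"
    fi
}

# Prefer the real banner when an Apache binary exists; fall back to the sample.
if command -v httpd >/dev/null 2>&1; then
    out=$(httpd -v 2>/dev/null) || out=
elif command -v apache2 >/dev/null 2>&1; then
    out=$(apache2 -v 2>/dev/null) || out=
else
    out=$SAMPLE_HTTPD_V
fi

echo "CVE-2021-40438 version check: $(classify "$out")"
echo "Affected hosts should upgrade via https://httpd.apache.org/download.cgi"
```

A result of "affected" means the banner version is within the range the advisory names and the host should be upgraded; "unknown" means the banner could not be parsed (for example a distribution build that prints a different first line), which should be resolved by hand rather than treated as safe.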
This notification is supported by the CNNVD technical support units Beijing Zhichuangyu Information Technology Co., Ltd., Sangfor Technology Co., Ltd., Beijing Times Xinwei Information Technology Co., Ltd. and other technical support units.
CNNVD will continue to track the situation around the above vulnerability and release relevant information in a timely manner. Contact CNNVD if necessary. Contact: [email protected]