Apache HTTP Server Vulnerabilities

Apache HTTP Server Vulnerabilities

3 new critical* vulnerabilities with CVSS 3.1 score of 9.8 have been published.

An attacker who exploits these vulnerabilities can possibly bypass security measures, access sensitive data, and write data of his/her choosing into the heap memory of the affected server.

Affected Systems

The following servers/systems are affected by this vulnerability;

• Apache HTTP Servers version 2.4.52 and prior

IoC’s

-

Recommended Solution(s)

The following mitigations have been suggested;

• Upgrade to version 2.4.53

CVE / CWE

CVE-2022-23943, CVE-2022-22721, CVE-2022-22720

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2022-23943
• https://nvd.nist.gov/vuln/detail/CVE-2022-22721
• https://nvd.nist.gov/vuln/detail/CVE-2022-22720

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.