DESCRIPTION:
Apache HTTP Server exist vulnerabilities allow a remote attacker to perform Server-Side Request Forgery (SSRF) and Buffer Overflow attacks. The SSRF vulnerability could be exploited by a remote attacker to gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system. The Buffer Overflow vulnerability could be exploited by a remote attacker to execute arbitrary code on the target system.
AFFECTED RELEASES:
CVE-2021-44224:
Apache HTTP Server 2.4.7 up to 2.4.51 (included)
CVE-2021-44790:
Apache HTTP Server 2.4.51 and earlier
SOLUTION:
Users and system administrators of affected products are advised to apply the security updates immediately from the following URL:
https://httpd.apache.org/security/vulnerabilities_24.html
REFERENCE:
1. https://httpd.apache.org/security/vulnerabilities_24.html
2. https://nvd.nist.gov/vuln/detail/CVE-2021-44224
3. https://nvd.nist.gov/vuln/detail/CVE-2021-44790
4. https://www.cybersecurity-help.cz/vdb/SB2021122005