Critical Apache HTTP Server Vulnerabilities Expose Millions of Websites to Cyber Attack

18-July-24

The Apache Software Foundation disclosed multiple critical vulnerabilities in the Apache HTTP Server, affecting various versions and potentially exposing millions of websites to cyber-attacks. These include source code disclosure (CVE-2024-40725, CVE-2024-39884), server-side request forgery (SSRF) (CVE-2024-40898, CVE-2024-38472), and denial of service (DoS) (CVE-2024-36387). Other notable issues involve HTTP request splitting (CVE-2023-38709, CVE-2024-24795), memory exhaustion (CVE-2024-27316), and buffer over-read (CVE-2023-31122). These vulnerabilities could lead to severe consequences such as unauthorized access, information disclosure, and service disruption, necessitating prompt updates and fixes to secure affected systems.

Read More…