Apache HTTP Server Vulnerable: Multiple Vulnerabilities Allow Data Spoofing | information.de

by admin
The security alert issued for Apache HTTP Server has received an update from the BSI. You can read here at information.de which operating systems and products are affected by the vulnerability.

The Federal Office for Information Security (BSI) issued an update on May 26, 2024 to the Apache HTTP Server security advisory first published on April 4, 2024. The vulnerability affects the Linux, UNIX and Windows operating systems and the products Debian Linux, IBM Rational ClearQuest, Fedora Linux, Ubuntu Linux, SUSE Linux, IBM HTTP Server, IBM Business Automation Workflow, Apache HTTP Server and F5 BIG-IP.

The latest vendor recommendations regarding updates, workarounds and security patches for this vulnerability can be found here: Debian Security Advisory DLA-3819 (as of May 25, 2024). Further useful sources are listed later in this article.

Apache HTTP Server Security Advisory – Risk: Medium

Risk level: 3 (medium)
CVSS Base Score: 6.2
CVSS Temporal Score: 5.4
Remote attack: No

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various criteria in order to prioritize countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used to describe the severity levels of a vulnerability. The Base Score evaluates the requirements of an attack (including authentication, complexity, privileges, user interaction) and its consequences. For the Temporal Score, conditions that may change over time are taken into account in the assessment. According to CVSS, the risk of the current vulnerability is classified as "medium" with a base score of 6.2.

Apache HTTP Server Vulnerability: Multiple vulnerabilities enable data manipulation

Apache is a cross-platform web server.

An attacker can exploit multiple vulnerabilities in the Apache HTTP Server to manipulate data.

The vulnerabilities are tracked under the CVE (Common Vulnerabilities and Exposures) identifiers CVE-2023-38709 and CVE-2024-24795.

Systems affected by the vulnerability at a glance

Operating systems
Linux, UNIX, Windows

Products
Debian Linux (cpe:/o:debian:debian_linux)
IBM Rational ClearQuest (cpe:/a:ibm:rational_clearquest)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
IBM HTTP Server 8.5 (cpe:/a:ibm:http_server)
IBM HTTP Server 9.0 (cpe:/a:ibm:http_server)
IBM Business Automation Workflow (cpe:/a:ibm:business_automation_workflow)
Apache HTTP Server
F5 BIG-IP 17.1.0-17.1.1 (cpe:/a:f5:big-ip)
F5 BIG-IP 16.1.0-16.1.4 (cpe:/a:f5:big-ip)
F5 BIG-IP 15.1.0-15.1.10 (cpe:/a:f5:big-ip)

General steps for dealing with IT vulnerabilities

  1. Users of affected systems should keep them up to date. When vulnerabilities become known, vendors are required to fix them quickly by developing a patch or workaround. If security patches are available, install them immediately.
  2. For information, see the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the listed sources to see whether a new security update is available.

Vendor information about updates, patches and workarounds

Here you will find some links with information about bug reports, security fixes and workarounds.

Debian Security Advisory DLA-3819 dated 2024-05-25 (26.05.2024)
For more information, see:

F5 Security Advisory K000139764 dated 2024-05-24 (26.05.2024)
For more information, see:

Debian Security Advisory DLA-3818 dated 2024-05-25 (26.05.2024)
For more information, see:

SUSE Security Update SUSE-SU-2024:1627-1 dated 2024-05-13 (13.05.2024)
For more information, see:

Ubuntu Security Notice USN-6729-3 dated 2024-04-29 (29.04.2024)
For more information, see:

IBM Security Bulletin 7148975 dated 2024-04-22 (21.04.2024)
For more information, see:

Fedora Security Advisory FEDORA-2024-D0DCCD6B96 dated 2024-04-17 (17.04.2024)
For more information, see:

Ubuntu Security Notice USN-6729-2 dated 2024-04-17 (17.04.2024)
For more information, see:

Fedora Security Advisory FEDORA-2024-937BE154D8 dated 2024-04-17 (17.04.2024)
For more information, see:

Fedora Security Advisory FEDORA-2024-C2F6576348 dated 2024-04-18 (17.04.2024)
For more information, see:

IBM Security Bulletin 7148492 dated 2024-04-17 (17.04.2024)
For more information, see:

Debian Security Advisory DSA-5662 dated 2024-04-16 (16.04.2024)
For more information, see:

Ubuntu Security Notice USN-6729-1 dated 2024-04-11 (11.04.2024)
For more information, see:

IBM Security Bulletin 7147925 dated 2024-04-10 (10.04.2024)
For more information, see:

Apache 2.4.59 Changes dated 2024-04-04 (04.04.2024)
For more information, see:

Version history of this security alert

This is version 10 of this IT security notice for Apache HTTP Server. If further updates are announced, this document will be updated. You can follow the changes made using the version history below.

April 4, 2024 – First model
April 8, 2024 – Rating corrected
April 10, 2024 – Added new updates from IBM
April 11, 2024 – Added new updates from Ubuntu
April 16, 2024 – New updates from Debian added
April 17, 2024 – Added new updates from IBM, Fedora and Ubuntu
April 21, 2024 – Added new updates from IBM
April 29, 2024 – Added new updates from Ubuntu
May 13, 2024 – New updates from SUSE added
May 26, 2024 – New updates from Debian and F5 added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/information.de
