Apache HTTP Server is free, open source web server software for Unix platforms that runs 46% of the world’s web sites. It is maintained and developed by the Apache Software Foundation.

It allows website owners to serve content on the web, hence the name “web server”. It is one of the oldest and most reliable web servers, with the first version released more than 20 years ago, in 1995. Unfortunately, because it is already quite old, it has one vulnerability or another that we must be careful about.

Several vulnerabilities have been discovered in the Apache web server, the most serious of which could allow remote code execution. The Apache web server is software developed by the Apache Software Foundation as a free, open source tool used to host websites. Successful exploitation of the most serious of these vulnerabilities could allow an attacker to execute code remotely in the context of the affected application. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If the application has been configured with fewer user rights on the system, exploitation of the most serious of these vulnerabilities could have less impact than if it were configured with administrative rights.

Vulnerabilities found in the open source Apache server

It is extremely important to update, since these vulnerabilities affect Apache versions 2.4.43 and earlier. For government entities that run Apache, it is extremely important to update it.

▸CVE-2020-11984

A possible remote code execution vulnerability due to a buffer overflow with the mod_uwsgi module.

▸CVE-2020-11993

A denial of service vulnerability that is triggered when trace/debugging is enabled.

▸CVE-2020-9490

A denial of service vulnerability is triggered when a PUSH packet is sent using the ‘Cache-Digest’ header.
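
The following check is an added example, not code from this page or from the Apache project: it reads the output of `apachectl -v` and `apachectl -M` and reports which of the three CVEs above apply, using the page's 2.4.43 cutoff. The module identifiers and the sample outputs are assumptions constructed for illustration; the page names mod_uwsgi, which upstream ships as mod_proxy_uwsgi, and the mapping of the two denial-of-service CVEs to mod_http2 follows the Apache advisories.

```python
import re

# Per the page: the three CVEs affect Apache 2.4.43 and earlier.
LAST_AFFECTED = (2, 4, 43)

# Module identifiers as printed by `apachectl -M` (assumption, not from the page).
# The page says mod_uwsgi; upstream ships that module as mod_proxy_uwsgi.
CVE_BY_MODULE = {
    "proxy_uwsgi_module": ["CVE-2020-11984"],
    "http2_module": ["CVE-2020-11993", "CVE-2020-9490"],
}

# Constructed sample input, shaped like `apachectl -v` and `apachectl -M` output.
SAMPLE_VERSION = "Server version: Apache/2.4.41 (Ubuntu)\nServer built:   2020-03-13\n"
SAMPLE_MODULES = """Loaded Modules:
 core_module (static)
 http2_module (shared)
 proxy_module (shared)
 proxy_uwsgi_module (shared)
"""

def parse_version(text):
    """Extract (major, minor, patch) from version output or a Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None

def loaded_modules(module_dump):
    """Return the set of module identifiers listed in `apachectl -M` output."""
    pattern = r"^\s*(\w+_module)\s+\((?:static|shared)\)"
    return set(re.findall(pattern, module_dump, re.M))

def audit(version_text, module_dump):
    """Return the sorted CVEs from the page that apply to this build."""
    version = parse_version(version_text)
    if version is None:
        # A hidden version is not a clean result: fail loudly instead.
        raise ValueError("no Apache version found (ServerTokens may hide it)")
    if version > LAST_AFFECTED:
        return []
    mods = loaded_modules(module_dump)
    return sorted(cve for mod, cves in CVE_BY_MODULE.items()
                  if mod in mods for cve in cves)

if __name__ == "__main__":
    for cve in audit(SAMPLE_VERSION, SAMPLE_MODULES):
        print("exposed:", cve)
```

Distribution packages often backport fixes without changing the upstream version string, so check a hit against the vendor's changelog before acting on it.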
