Security News > 2020 > August > Google Researcher Reported 3 Flaws in Apache Web Server Software
Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to cause a crash and denial of service.
The first of the three issues involve a possible remote code execution vulnerability due to a buffer overflow with the "Mod uwsgi" module, potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server.
"[A] Malicious request may result in information disclosure or of an existing file on the server running under a malicious process environment," Apache noted.
Cache Digest is part of a now-abandoned web optimization feature that aims to address an issue with server pushes - which allows a server to preemptively send responses to a client ahead of time - by allowing the clients to inform the server of their freshly cached contents so that bandwidth is not wasted in sending resources that are already in the client's cache.
On unpatched servers, this issue can be resolved by turning the HTTP/2 server push feature off.
News URL
https://thehackernews.com/2020/08/apache-webserver-security.html
Related news
- Apache fixes remote code execution bypass in Tomcat web server (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices (source)
- Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool (source)