Security News > 2020 > August > Google Researcher Reported 3 Flaws in Apache Web Server Software
Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to cause a crash and denial of service.
The first of the three issues involve a possible remote code execution vulnerability due to a buffer overflow with the "Mod uwsgi" module, potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server.
"[A] Malicious request may result in information disclosure or of an existing file on the server running under a malicious process environment," Apache noted.
Cache Digest is part of a now-abandoned web optimization feature that aims to address an issue with server pushes - which allows a server to preemptively send responses to a client ahead of time - by allowing the clients to inform the server of their freshly cached contents so that bandwidth is not wasted in sending resources that are already in the client's cache.
On unpatched servers, this issue can be resolved by turning the HTTP/2 server push feature off.
News URL
https://thehackernews.com/2020/08/apache-webserver-security.html
Related news
- Rackspace internal monitoring web servers hit by zero-day (source)
- Finland seizes servers of 'Sipultie' dark web drugs market (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform (source)