Apache releases new security patch for HTTP server

The Apache Software Foundation has released a patch to fix a critical flaw in its hugely popular web server that may allow remote attackers to take control of a vulnerable system.

A fix has been issued for a critical flaw in Apache HTTP Server, the world’s second-most widely used web server.

The first Apache web server flaw is a memory-related buffer overflow affecting Apache HTTP Server 2.4.51 and earlier.

The Cybersecurity and Infrastructure Security Agency (CISA) has warned it “may allow a remote attacker to take control of an affected system”.

The Apache Software Foundation has released three updates in the past week in the wake of the widespread ‘Log4Shell’ vulnerability in Log4j version 2 branch.

As the world scrambles to plug serious security bugs that can derail the Internet for millions, Google has said that more than 35,000 Java packages, amounting to over 8 per cent of the Maven Central repository (the most significant Java package repository), have been impacted by the recently disclosed vulnerabilities with widespread fallout across the software industry.

Cyber criminals are making thousands of attempts to exploit a second vulnerability involving a Java logging system called ‘Apache log4j2’.

Cybersecurity firms have found that major ransomware groups like Conti are exploring ways to take advantage of the vulnerability.

They warned that hackers were making over 100 attempts every minute to exploit a critical security vulnerability in the widely-used Java logging system called ‘Apache log4j2’, leaving millions of companies globally at cyber theft risk.

Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare and Minecraft, are vulnerable to this ‘ubiquitous’ zero-day exploit, now dubbed as one of the most serious vulnerabilities on the Internet in recent years. IANS