Apache has recently announced a major security vulnerability in Apache HTTP Server 2.4, releases 2.4.17 to 2.4.38. With MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
More Details:
https://httpd.apache.org/security/vulnerabilities_24.html
Update Your Systems!
For those running Apache on their servers, we’d recommend updating as soon as possible. To do this on a CentOS-based server, simply run:
yum -y update
Servers running cPanel/WHM have already been upgraded automatically. If yours has not, you can upgrade it manually by running:
yum -y update ea-apache24*
After updating Apache, you can verify your current Apache version by running the following command, which should read Apache 2.4.39 or higher.
httpd -v
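An added example (not part of the original post): a shell function that reads the output of httpd -v or httpd -V and reports whether the upstream version falls inside the 2.4.17 to 2.4.38 range described above. The function name classify_httpd is an assumption, and distribution packages that backport fixes can keep an older version number, so check the vendor changelog when the package is not an upstream build.

```shell
#!/bin/sh
# Added example: classify Apache version output against the range this
# post names (2.4.17 through 2.4.38, MPM event, worker or prefork).
# classify_httpd is a hypothetical helper name, not an Apache tool.
# Prints one of: affected | not-affected | unknown

classify_httpd() {
    # $1: full text printed by `httpd -v` or `httpd -V`
    ver=$(printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1)
    if [ -z "$ver" ]; then
        echo unknown            # no recognisable version line
        return 0
    fi

    # `httpd -V` also prints a "Server MPM:" line; plain `-v` does not.
    mpm=$(printf '%s\n' "$1" |
        sed -n 's/^Server MPM:[[:space:]]*\([A-Za-z_]*\).*/\1/p' | head -n 1)
    case "$mpm" in
        ''|event|worker|prefork) ;;          # unknown MPM or one named in the post
        *) echo not-affected; return 0 ;;    # some other MPM
    esac

    # Split MAJOR.MINOR.PATCH with parameter expansion only.
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    if [ "$major" -eq 2 ] && [ "$minor" -eq 4 ] &&
       [ "$patch" -ge 17 ] && [ "$patch" -le 38 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Run against the local server only when httpd is installed.
if command -v httpd >/dev/null 2>&1; then
    classify_httpd "$(httpd -V 2>/dev/null)"
fi
```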
Frequently Asked Question: Are servers running LiteSpeed Web Server affected?
No, they are not. This only affects servers running Apache versions 2.4.17 to 2.4.38.