Apache has recently made an announcement, revealing a major security vulnerability/exploit where servers running in Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
More Details:
https://httpd.apache.org/security/vulnerabilities_24.html
Update Your Systems!
For those running Apache to their servers, we’d recommend updating as soon as possible. To do this on a CentOS based server, simply run:
yum -y update
Servers running cPanel/WHM have already been automatically upgraded. Or if not, you can manually upgrade it by running:
yum -y update ea-apache24*
After updating Apache, you can verify your current Apache version by running the following command, which should read Apache 2.4.39 or higher.
httpd -v
Frequently Asked Question: Are servers running LiteSpeed Web Server affected?
No, it is not. This only affects servers running Apache version 2.4.17 to 2.4.38.
At LowEndBox, our News and Editorial Team is dedicated to delivering timely, accurate, and actionable content tailored to the needs of developers, hosting enthusiasts, and infrastructure professionals. We curate, report, and analyze the latest developments in the world of hosting, cloud infrastructure, data centers, open-source platforms, and internet services, always with a focus on value, performance, and accessibility.
Our team monitors the global hosting landscape to bring you breaking news, vendor updates, platform changes, market trends, and expert insights. Whether it’s a price hike from a major control panel, a breakthrough in virtualization technology, or a new indie provider shaking up the market, we strive to deliver content that empowers the LowEnd community to stay informed and ahead of the curve.
We also collaborate closely with the vibrant LowEndTalk community to surface meaningful discussions, highlight real-world deployments, and share voices from within the ecosystem.
Our mission is simple: to help you make smarter infrastructure decisions by delivering the stories that matter, clearly, consistently, and without hype.
Stay tuned for fresh editorial content, in-depth analyses, and community-powered features from the team that keeps LowEndBox running.
Leave a Reply