5 verified briefings on Apache. Each story includes a plain-English summary, why it matters, and the concrete action engineering teams should take.
Multiple vulnerabilities have been discovered in the Apache HTTP Server, including issues that could lead to denial-of-service, authentication bypass, and server-side request forgery. The flaws affect several Ubuntu LTS versions, prompting security updates for systems running the popular web server software.
A vulnerability in Apache Tomcat Connectors on Unix-like systems stems from incorrect default permissions for shared memory. A local attacker could potentially view or modify configuration data, leading to sensitive information exposure or a denial of service. Users are advised to apply the available security patch.
Ubuntu has released a follow-up security update for the Apache HTTP Server on Ubuntu 18.04 LTS. A previous patch, intended to fix vulnerabilities, inadvertently broke HTTP/2 functionality. This new update corrects the regression, restoring full service while maintaining security.
A critical remote code execution (RCE) vulnerability has been found in Apache Commons BeanUtils, a popular Java library. The flaw allows attackers to access a specific property in Java enum objects, potentially letting them run arbitrary code on affected systems, requiring immediate attention.
A new remote denial-of-service vulnerability, named HTTP/2 Bomb, affects major web servers including NGINX, Apache, Microsoft IIS, Envoy, and Cloudflare. The flaw exists in the default HTTP/2 configuration of these servers, making them susceptible to attack without any special setup, according to researchers.