Apache HTTP Server devs issue fix for critical data leak vulnerability – update now

Jessica Haworth

05 October 2021 at 15:21 UTC

Updated: 05 October 2021 at 15:41 UTC

Bug was inadvertently introduced in last month’s security release

Web admins are urged to protect against a high-impact path traversal vulnerability in the latest version of Apache HTTP Server that is being exploited in the wild.

As previously reported by The Daily Swig, the September update to Apache HTTP Server 2.4 fixed a number of issues, including server-side request forgery (SSRF) and request smuggling bugs.


These security issues were patched in version 2.4.49; however, that update has since been found to have introduced a new vulnerability.

In a security advisory yesterday (October 5), Apache developers said that a flaw was found in changes made to the path normalization process in the open source web server software.

Data leak warning

“An attacker could use a path traversal attack to map URLs to files outside the expected document root,” the Apache advisory warns.

“If files outside of the document root are not protected by ‘require all denied’ these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts.”


Apache has patched the issue in version 2.4.50, and web admins are encouraged to apply the fix as soon as possible.
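The advisory's mitigation hinges on the `Require all denied` directive: a path-mapping bug can only hand out files that the server's access rules would otherwise allow. The httpd.conf fragment below is an added illustration, not configuration from the article or from the Apache project's own documentation; the document root `/var/www/html` and the CGI directory `/usr/lib/cgi-bin` are assumed paths. The weak pattern (left as comments) grants access filesystem-wide, so a request that resolves outside the document root is served; the hardened pattern denies everything at the filesystem root and re-grants access only where content is meant to be served.

```apache
# Added illustrative httpd.conf fragment (not from the article or the Apache advisory).
#
# Weak pattern: access is granted for the whole filesystem, so any request
# that a path-mapping defect resolves outside DocumentRoot can be served.
#
# <Directory />
#     Require all granted
# </Directory>

# Hardened pattern: deny by default at the filesystem root. A request that
# maps to a file outside the directories explicitly granted below is refused,
# whatever path normalization produced.
<Directory />
    AllowOverride None
    Options None
    Require all denied
</Directory>

# Assumed document root; grant access only here.
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
    Options -Indexes -FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

# Assumed CGI directory: scripts live outside DocumentRoot and are executed
# via ScriptAlias rather than being served as plain files, which limits the
# chance of their source being returned to a client.
ScriptAlias "/cgi-bin/" "/usr/lib/cgi-bin/"
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI
    Require all granted
</Directory>
```

After editing, validate the syntax with `apachectl configtest` before reloading. The filesystem-root deny is the posture Apache's stock configuration already ships with, so the practical check is whether a local configuration has loosened it; it narrows the blast radius of the mapping flaw but does not replace upgrading to 2.4.50.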

Reproduction

Today (October 5), researchers from PT Swarm said that they had managed to reproduce the issue. Despite requests to the contrary, the researchers kept their proof-of-concept under wraps.

The team took to Twitter to announce that they had successfully exploited the bug, adding: “Patch ASAP!”

A blog post from Sonatype reported that more than 112,000 Apache servers across the globe were running the vulnerable version, adding that about 40% of these were located in the US.

Apache said that the vulnerability was disclosed by Ash Daulton of cPanel Security.

The Daily Swig has contacted cPanel Security and PT Swarm for more information and will update this article if and when more information comes to hand.

