Apache HTTP Server fixes crucial security flaws

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

The Apache Software Foundation has put out a new update to address two flaws that could be exploited by a remote attacker to take control of a vulnerable system running in its popular web server.

The flaws, tracked as CVE-2021-44790 and CVE-2021-44224, have CVSS scores of 9.8 and 8.2 respectively. Although the more severe flaw in Apache's web server has a critical rating, it's still ranked below Log4Shell which has a CVSS score of 10 out of 10.

The first flaw is a memory-related buffer overflow that affects Apache HTTP Server 2.4.5.1 and earlier versions while the second flaw can be used to achieve server side request forgery in Apache HTTP Server 2.47 up to 2.4.51.

Patching these two flaws in Apache's web server should be a top priority for site owners due to the fact that Apache HTTP Server's popularity worldwide makes vulnerable systems a prime target for hackers.

Potential to be weaponized

In a new alert sent out by the Cybersecurity and Infrastructure Security Agency (CISA), the US government agency warns that the buffer overflow flaw in Apache Web server could “allow a remote attacker to take control of an affected system”.

Although this critical bug has been used in any exploits in the wild yet, the Apache HTTPD team believes that it could be weaponized by an attacker.

For this reason, organizations and individuals running Apache HTTP Server should check out this announcement and update the software to the latest version as soon as possible to protect themselves from any potential attacks exploiting this critical flaw. 

We've also rounded up the best endpoint protection software and best firewall

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Apache Foundation urges users to patch now and fix major security worries
Dark Web monitoring
A worrying critical security flaw in Apache Tomcat could let hackers take over servers with ease
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Representational image depecting cybersecurity protection
CISA says Oracle and Mitel have critical security flaws being exploited
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game