5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.016 Low
EPSS
Percentile
87.4%
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards.
Three vulnerabilities were found:
No special privileges are required for these vulnerabilities. As a result, all users are recommended to upgrade their Apache installations.
There is no immediate workaround; a software upgrade is required. There is no workaround for the mod_disk_cache issue; users are recommended to disable the feature on their servers until a patched version is released.
Users are urged to upgrade to Apache 2.0.49:
# emerge sync
# emerge -pv ">=www-servers/apache-2.0.49"
# emerge ">=www-servers/apache-2.0.49"
# **IMPORTANT**
# If you are migrating from Apache 2.0.48-r1 or earlier versions,
# it is important that the following directories are removed.
# The following commands should cause no data loss since these
# are symbolic links.
# rm /etc/apache2/lib /etc/apache2/logs /etc/apache2/modules
# rm /etc/apache2/modules
# ****** ** **
# **ALSO NOTE**
# Users who use mod_disk_cache should edit their Apache
# configuration and disable mod_disk_cache.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-servers/apache | <= 2.0.48 | UNKNOWN |