September 21, 2023

The Apache Software Foundation has released a new update to address two flaws that could be exploited by a remote attacker to take control of a vulnerable system running its popular web server.

The flaws are tracked as CVE-2021-44790 and CVE-2021-44224 and have CVSS scores of 9.8 and 8.2 respectively. Though the first flaw in Apache's web server has a critical rating, it's still ranked below Log4Shell, which has a CVSS score of 10 out of 10.


The first flaw is a memory-related buffer overflow that affects Apache HTTP Server and earlier versions, while the second flaw can be used to achieve server-side request forgery in Apache HTTP Server 2.4.7 up to 2.4.51.

Patching these two flaws in Apache's web server should be a top priority for site owners, because Apache HTTP Server's worldwide popularity makes vulnerable systems a prime target for hackers.

In a new alert sent out by CISA, the US government agency warns that the buffer overflow flaw in Apache's web server could allow a remote attacker to take control of an affected system.

Although this critical bug has not been used in any exploits in the wild yet, the Apache HTTPD team believes that it could be weaponized by an attacker.


Organizations and individuals running Apache HTTP Server should check and update the software to the latest version as soon as possible to protect themselves from any potential attacks exploiting this critical flaw.
