You can now find Cyber Kendra on Google News | Telegram

Apache HTTP Servers are at Risk of Hacker Attacks

Hackers are actively exploiting a server side request forgery vulnerability in the Apache HTTP server.

Specialists from the German Federal Office for Information Security and Cisco have warned of cyberattacks in which criminals exploit a vulnerability ( CVE-2021-40438 ) in the Apache HTTP server.

The issue is a Server Side Request Forgery (SSRF) vulnerability that can be exploited against httpd (The Apache HTTP Server) web servers with the mod_proxy module enabled. An attacker could exploit the vulnerability by sending a specially crafted request and causing the module to redirect the request to an arbitrary origin server.

The issue was discovered by the Apache HTTP Security Team while investigating another vulnerability. The vulnerability affects server versions 2.4.48 and earlier and was fixed in mid-September this year with the release of version 2.4.49.

“By sending a specially crafted request, attackers can force the enabled mod_proxy module to route connections to the originating server of their choice, thereby stealing secrets (metadata or infrastructure keys) or gaining access to other internal servers,” explained experts from Fastly.

According to experts, vulnerable versions of httpd have been launched on more than 500 thousand servers. Since cloud services such as AWS, Microsoft Azure, and Google Cloud Platform provide protection against cyber attacks, the vulnerability mainly affects organizations that independently manage httpd servers.

Rapid7 team is also monitoring the exploitation of the bug and they mentioned that team observed over 4 million potentially vulnerable instances of Apache httpd 2.x:

How to Prevent it (CVE-2021-40438)?

As the bug resides in version 2.4.48 which has been patched with the release of Apache version 2.4.49. But note that, Apache HTTP Server versions 2.4.49 and 2.4.50 included other severe vulnerabilities (read here about the vulnerabilities on 2.4.49 & 2.4.50) that are known to be exploited in the wild, so Apache httpd customers should upgrade to the latest version (2.4.51 at time of writing) instead of upgrading incrementally.

Several experimental PoC codes have surfaced on the web to exploit the vulnerability, and the German Federal Information Security Administration and Cisco have documented at least one attack exploiting the problem.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.