The Apache Software Foundation has issued a patch to address a severe problem in its widely used web server that allows remote attackers to take control of a system.
A security patch has been issued for a critical flaw in Apache HTTP Server, the world’s second-most popular web server.
The first vulnerability in Apache web server is a memory-related buffer overflow that affects Apache HTTP Server versions 2.4.51 and earlier.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned that it “may allow a remote attacker to take control of an affected system”.
As the world scrambles to patch serious security flaws that could bring the Internet to a halt for millions, Google has announced that the recently disclosed vulnerabilities have impacted over 35,000 Java packages. That accounts for over 8% of the Maven Central repository (the most significant Java package repository), with widespread ramifications across the software industry.
Thousands of attempts are being made to exploit a second vulnerability involving the Java logging system ‘Apache log4j2’.
Cybersecurity firms have discovered that major ransomware groups such as Conti are looking into exploiting the flaw.
They also warned that hackers were making over 100 attempts per minute to exploit a critical security flaw in the widely used Java logging system ‘Apache log4j2,’ putting millions of businesses at risk of cyber theft.
This ‘ubiquitous’ zero-day vulnerability, currently regarded as one of the most serious on the Internet in recent years, affects a number of popular services, including Apple iCloud, Amazon, Twitter, Cloudflare, and Minecraft.