search cancel

Upgrade HTTP Server version 2.4.51 to Address Vulnerabilities

book

Article ID: 229421

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction


We need to update Apache HTTP to version 2.4.51 to prevent vulnerabilities CVE-2021-41773 and CVE-2021-42013


CVE-2021-41773
https://nvd.nist.gov/vuln/detail/CVE-2021-41773


CVE-2021-42013
https://nvd.nist.gov/vuln/detail/CVE-2021-42013

Cause


Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation

Environment

Release : 21.2

Component : Spectrum OneClick

Resolution


NetOps 21.2.6 due out in December/January will update Apache HTTP to 21.4.51

Additional Information


Apache HTTP is only used with the Mod Security option. This is not configured nor enabled by default so HTTP does not run unless Mod Security was setup and configured

Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation
https://us-cert.cisa.gov/ncas/current-activity/2021/10/07/apache-releases-http-server-version-2451-address-vulnerabilities