Several vulnerabilities have been discovered in Apache HTTP Server included in Sysload Monitor latest available release:
|CVE||CVSS Base Score||Severity Rating*||Affected Product||Affected Version|
|CVE-2021-33193||7.5||Medium||Apache HTTP Server||2.4.17 to 2.4.48|
|CVE-2021-34798||N/A||N/A||Apache HTTP Server||Prior to 2.4.9|
|CVE-2021-36160||N/A||N/A||Apache HTTP Server||2.4.30 to 2.4.48|
|CVE-2021-39275||N/A||N/A||Apache HTTP Server||Prior to 2.4.9|
|CVE-2021-40438||N/A||N/A||Apache HTTP Server||Prior to 2.4.9|
We are right now using 2.4.41 which is the latest available version released on April 2020.
Release : 6.0
Component : Sysload Monitor
Outdated versions of PHP and Apache HTTP Server included in current Sysload Monitor release.
A new version of Sysload Monitor (6.00HF3) will contain updated versions of PHP and Apache Http Server to fix these vulnerabilities.
Please read carefully the readme.txt that explains the procedure to upgrade apache and php that are delivered with sysload monitor to address these vulnerabilities.