Apache 2.4.60
Posted by: jjuarez (155.135.55.---)
Date: July 03, 2024 09:19PM

Greetings,

I was just provided with a Vulnerability report by my organization. It shows that Apache version 2.4.59 contains several severe vulnerabilities (see below). Will there be a add-on for 2.4.60 in the near future so that I can update our server? Thank you in advance.

Vulnerability Insight
The following aws exist:
- CVE-2024-36387: Denial of Service (DoS) by Null pointer in websocket over HTTP/2
- CVE-2024-38472: Windows UNC Server-Side Request Forgery (SSRF)
- CVE-2024-38473: Proxy encoding problem
- CVE-2024-38474: Weakness with encoded question marks in backreferences
- CVE-2024-38475: Weakness in mod_rewrite when first segment of substitution matches lesystem path
- CVE-2024-38476: May use exploitable/malicious backend application output to run local handlers via internal redirect
- CVE-2024-38477: Crash resulting in DoS in mod_proxy via a malicious request
- CVE-2024-39573: mod_rewrite proxy handler substitution

Options: ReplyQuote
Re: Apache 2.4.60
Posted by: maximus23 (---.dynamic.voo.be)
Date: July 04, 2024 06:34AM

HI,

Apache httpd 2.4.61 is released as GA.

ASF and Apachelounge changes : [www.apachelounge.com]

Important security vulnerabilities fixed in 2.4.xx, see [httpd.apache.org] .

La version pour WampServer sera disponible dans un futur proche.

smiling smiley

Options: ReplyQuote
Re: Apache 2.4.60
Posted by: Dragos (---.workpage.ro)
Date: July 04, 2024 07:31AM

Why suppress Apache 2.4.60 ?

===========================
thank you,
Dragos
===========================
I use:
windows 10 x64 bit
wampserver 3.3.6 (64bit)
php 8.3.9
mysql 9.0.1
phpmyadmin 5.2.1
apache 2.4.62
MariaDB 11.4.2

Options: ReplyQuote
Re: Apache 2.4.60
Posted by: Otomatic (Moderator)
Date: July 04, 2024 08:49AM

You should read all the messages posted on this forum and in particular:
Suppress Apache 2.4.60

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons

Options: ReplyQuote


Sorry, only registered users may post in this forum.