Apache CVE : CVE-2021-41524

Support for security such as firewalls and securing Linux
somaraz
Posts: 7
Joined: 2018/01/04 02:23:41

Apache CVE : CVE-2021-41524

Post by somaraz » 2021/10/08 05:13:21

Hi Team,

I got an alert for CVE-2021-41524 on Apache running below Apache 2.4.49.
Currently I have httpd-2.4.6-97.el7.centos.x86_64 but I don't see any update available yet.

Am I safe with httpd-2.4.6-97.el7.centos.x86_64?

Thanks,

larwood
Posts: 66
Joined: 2011/07/27 12:07:30
Location: Perth WA, Australia

Re: Apache CVE : CVE-2021-41524

Post by larwood » 2021/10/08 05:20:34

My understanding is the vulnerabilities only affect versions 2.4.49 & 2.4.50. You should not be affected with 2.4.6.

https://www.cyber.gov.au/acsc/view-all- ... ttp-server
https://httpd.apache.org/security/vulne ... es_24.html

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Apache CVE : CVE-2021-41524

Post by TrevorH » 2021/10/08 08:10:37

The bug was introduced in 2.4.49 which was only released on Sept 16th 2021.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Apache CVE : CVE-2021-41524

Post by jlehtone » 2021/10/08 08:22:49

https://access.redhat.com/security/cve/cve-2021-41524 says (about RHEL 7 and hence CL7): "Not affected"
