The Apache Software Foundation has released a patch to fix a critical flaw in its web server that allows remote attackers to take control of a vulnerable system.
Apache HTTP Server is the world’s second-most widely used web server.
The first Apache web server flaw is a memory-related buffer overflow affecting Apache HTTP Server 2.4.51 and earlier.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned it may allow a remote attacker to take control of an affected system.
The Apache Software Foundation has released three updates in the past week in the wake of the widespread Log4Shell vulnerability in the Log4j version 2 branch.
Google said that more than 35,000 Java packages, amounting to over 8 percent of the Maven Central repository (the most significant Java package repository), have been impacted by the recently disclosed vulnerabilities with widespread fallout across the software industry.
Cyber criminals are making thousands of attempts to exploit a second vulnerability involving a Java logging system called Apache Log4j2.
Cybersecurity firms have found that major ransomware groups like Conti are exploring ways to take advantage of the vulnerability.
They warned that hackers were making over 100 attempts every minute to exploit a critical security vulnerability in the widely used Java logging system called Apache Log4j2, leaving millions of companies globally at risk of cyber theft.
Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare and Minecraft, are vulnerable to this zero-day exploit, now dubbed one of the most serious vulnerabilities on the Internet in recent years.