Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Vulnerability in Apache HTTP Server

10 January 2022

Security researchers have discovered a buffer overflow vulnerability (CVE-2021-44790) in Apache HTTP Server. Successful exploitation could allow an attacker to perform a remote code execution attack.

The vulnerability is exploited through a carefully crafted request body which could cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).

This vulnerability affects Apache HTTP Server versions 2.4.51 and earlier. Administrators of the affected versions are advised to upgrade to the latest Apache HTTP Server version 2.4.52 immediately.

More information is available here:
https://httpd.apache.org/security/vulnerabilities_24.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
https://nvd.nist.gov/vuln/detail/CVE-2021-44790
https://portswigger.net/daily-swig/internet-bug-bounty-high-severity-vulnerability-in-apache-http-server-could-lead-to-rce

Back to top