Apache HTTP Server - Remote Code Execution

Short Info

Level

Critical

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

9 days 17 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

Apache HTTP Server 2.4.32 to 2.4.44 contains an info disclosure and possible remote code execution caused by a vulnerability in mod_proxy_uwsgi, letting remote attackers access sensitive information and potentially execute arbitrary code, exploit requires sending crafted requests.

References:

https://github.com/RubenBar/MLW-upcrans/tree/main/1.Exploit
https://nvd.nist.gov/vuln/detail/cve-2020-11984

Remediation:
Update to >= 2.4.45

Get started to protecting your digital assets

Start trial See the plans

Apache HTTP Server - Remote Code Execution

Short Info

-

Detail

Category