Advisory 2024-09/01 Apache HTTP Server Vulnerabilities
Vulnerability type | Server-side request forgery (SSRF), denial of service, improper encoding or escaping of output, insufficient information, null pointer dereference, improper input validation |
Severity factors | These vulnerabilities have severity ratings ranging from low to critical for affected users. FileCloud is updating Apache HTTP Server to version 2.4.62 to fix these vulnerabilities. |
Versions affected | FileCloud versions earlier than 23.241.1 are affected. |
Version fixed | FileCloud version 23.241.1 and later |
Description
In Apache HTTP Server versions below 2.4.60:
- On Windows, SSRF may allow hash leakage
- Request URLs with incorrect encoding may bypass authentication
- Script execution may occur in restricted areas
- A weakness in mod_rewrite may allow arbitrary code execution
- Backend response headers may enable SSRF or local script execution
- Crafted requests may cause denial of service attacks
- mod_rewrite may enable SSRF
- Null pointer dereference may cause the server to crash
Fix
FileCloud version 23.241.1.27146 upgrades Apache HTTP Server to version 2.4.62, which does not include these vulnerabilities.
What you should do to fix this vulnerability
- If you are using FileCloud Server, we recommend that you update to the latest version, which is 23.241.1.27146 or greater.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.