Apache Software Foundation Releases Security Update – Updated April 4, 2019

Author: Charles Egli

Created: Thursday, April 4, 2019 - 19:34

Categories: Cybersecurity, Federal & State Resources

April 4, 2019

The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Apache HTTP Server 2.4 vulnerabilities page and apply the necessary updates. Read the advisory at NCCIC/US-CERT.

November 5, 2018

The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. The NCCIC encourages users and administrators of Apache Struts versions 2.3.36 and prior to review the Apache security advisory for CVE-2016-1000031 and upgrade to the latest released version of Commons FileUpload library, which is currently 1.3.3. NCCIC/US-CERT.

October 3, 2017

The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server. US-CERT encourages users and administrators to review the Apache security advisory for ************************************@****he.org%3e” target=”_blank” rel=”noopener”>CVE-2017-12617 and apply the necessary updates. US-CERT.

September 6, 2017

The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review the Apache Security Bulletin and upgrade to Struts 2.5.13. US-CERT.

April 12, 2017

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may cause a remote attacker to obtain sensitive information. Users and administrators are encouraged to review Apache.org ************************************@****he.org%3e”>CVE-2017-5648, ************************************@****he.org%3e”>CVE-2017-5650, and ************************************@****he.org%3e”>CVE-2017-5651 for more information and apply the necessary updates. US-CERT.

March 8, 2017

The Apache Software Foundation has released security updates to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.3.32 or Struts 2.5.10.1. US-CERT.