header-logo-img
  • Home
  • Solutions
    ENTERPRISE SERVICES Integrated Managed Mobility & EndPoint Services Telecom Expense Management & Optimisation Device Lifecycle Management Procurement & Support Device Security & Application Site, Branch & Site Connectivity
    ENTERPRISE OUTCOMES Reduce Costs Track Assets & Centralized Management Security
  • About Us
  • Contact Us
  • Blog

Critical Vulnerability in Certain Versions of Apache HTTP Server

underline-img

18 October 2021

Share on linkedin Share on twitter Share on facebook

A vulnerability exists in Apache HTTP Server 2.4.49. A cyber actor could exploit this vulnerability to execute arbitrary code. Initial information also indicates that the vulnerability could also be used perform remote code execution under certain configurations. Affected Australian organisations should apply the available patch.

Alert status: CRITICAL

Background /What has happened?

Vulnerabilities (CVE-2021-41773) and CVE-2021-42013) have been identified in Apache HTTP Server, one of the most commonly used web servers in Australia and globally across both Unix-based and Microsoft Windows environments. This vulnerability could allow a cyber actor to execute arbitrary code remotely or download sensitive files outside of the web server root. A cyber actor could use these vulnerabilities to install malware or otherwise control the affected host or download files containing credentials or other sensitive information. A new update has been released by the Apache Software Foundation (version 2.4.51) which addresses the vulnerabilities present in 2.4.49 and 2.4.50.

The Apache Software Foundation has identified that this vulnerability is actively being exploited.

Mitigation / How do I stay secure?

Australian organisations who utilise Apache HTTP Server should review their patch level and update to the latest available version if required.

Further details on the vulnerability and software updates are available from the Apache Software Foundation.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).

Latest from the Blog

blog-featured

How Proactive Benchmarking Improves Negotiation and Reduces Risk arrow

blog-featured

Are You Ready for 2026’s Telecom Compliance Challenges? Atrium Helps You Stay Ahead arrow

blog-featured

iOS 26: What Businesses Need To Know for Enterprise Mobile Management arrow

blog-featured

iPhone 17: What Businesses Need To Know About Enterprise Device Management arrow

3 Strategies to Reduce Telecom Cost

Here's How
footer-logoimg

VoicePlus is your independent managed mobility and endpoint specialist. We combine our experience and technology to secure cost savings and optimise productivity for clients seeking better business outcomes.

The VoicePlus Companies acknowledges the Traditional owners of the lands on which we meet and work, both at our offices on Cammeraygal land and our locations across Australia. We pay our respects to Elders’ past, present and emerging and honour their living culture and custodianship.

Solutions

Integrated Managed Mobility

Telecom Expense Management

Device Lifecycle Management

Procurement & Support

Device Security & Application

Site, Branch & Site Connectivity

seperator-img

Cost Reduction

Asset Tracking

Managed Mobility & Endpoint Services

VoicePlus

Privacy Policy

Modern Slavery

Contact Us

About Us

Find Us

Suite 902, 275 Alfred St. North Sydney NSW 2060

+61 2 9334 5600

customercare@voiceplus.com.au

twitter-img linkedin-img fb-img