Is HestiaCP affected by the recent Apache 2.4.49 RCE bug?

Question: Is the default HestiaCP config affected by the recent Apache 2.4.49/50 bug that is being exploited recently? I’m asking because on my HestiaCP system the (presumably vulnerable) Apache 2.4.49-50 packages from sury.org were used during the last month.

critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)

https://httpd.apache.org/security/vulnerabilities_24.html

So far I was not able to replicate the issue…
