How to save your server from Apache 2.4.7 Vulnerability (mod_status)

Home / How to save your server from Apache 2.4.7 Vulnerability (mod_status)

If your server is running with an apache 2.4.7 , then the chance for being hacked is high . Listing two solutions to solve this issue .

Description:

An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.

Proof:

  • Running HTTP service
  • Product HTTPD exists — Apache HTTPD 2.4.7
  • Vulnerable version of product HTTPD found — Apache HTTPD 2.4.7


Vulnerability ID
: apache-httpd-cve-2014-0226

Solution:

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *