Thursday , October 24 2024
apache

Apache HTTP Server Update Patches Critical Source Code Disclosure Flaw

infosecbulletin Friday , July 5 2024 International

Apache Software Foundation released Apache HTTP Server version 2.4.61 to fix a serious source code disclosure vulnerability (CVE-2024-39884). This flaw could expose sensitive server information to malicious actors.

The CVE-2024-39884 vulnerability is caused by a problem in how old content-type configurations are managed. The “AddType” directive and similar settings, when used in certain situations, may accidentally expose the source code of files meant to be processed, including server-side scripts, configuration files, or other sensitive data.

Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

By infosecbulletin / Wednesday , October 23 2024
White hat hackers at the Pwn2Own Ireland 2024 contest by Trend Micro's Zero Day Initiative earned $500,000 on the first...
Read More
Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

Fortinet + Crowdstrike team on protection from endpoint to firewall

By infosecbulletin / Tuesday , October 22 2024
In today's rapidly changing cybersecurity environment, organizations encounter numerous complex threats targeting endpoints and networks. CrowdStrike and Fortinet have partnered...
Read More
Fortinet + Crowdstrike team on protection from endpoint to firewall

Sophos to Acquire Secureworks in $859M

By infosecbulletin / Tuesday , October 22 2024
Sophos, based in the UK, is to acquire Secureworks, a Nasdaq-listed company, for $859 million in cash from Dell Technologies....
Read More
Sophos to Acquire Secureworks in $859M

2nd time hacker breached Internet Archive

By infosecbulletin / Monday , October 21 2024
The Internet Archive was breached again, this time through their Zendesk email support platform, following warnings that threat actors had...
Read More
2nd time hacker breached Internet Archive

Vulnhuntr: A Tool for Finding Exploitable Vulnerabilities with LLMs

By infosecbulletin / Sunday , October 20 2024
In today's changing cybersecurity environment, it's essential to find vulnerabilities in code. Vulnhuntr, an open-source tool on GitHub, uses Large...
Read More
Vulnhuntr: A Tool for Finding Exploitable Vulnerabilities with LLMs

Critical Vulnerabilities in Bitdefender Total Security Expose Users to MITM

By infosecbulletin / Friday , October 18 2024
Bitdefender said a vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly...
Read More
Critical Vulnerabilities in Bitdefender Total Security Expose Users to MITM

Microsoft’s Alarming Report: 600 Million Cyberattacks perday

By infosecbulletin / Thursday , October 17 2024
Cybersecurity threats have surged to extraordinary heights, as Microsoft’s latest Digital Defense Report reveals that its customers are confronted with...
Read More
Microsoft’s Alarming Report: 600 Million Cyberattacks perday

CVE-2024-38814
VMware fixes high-severity SQL injection flaw in HCX

By infosecbulletin / Thursday , October 17 2024
VMware has issued a warning about a remote code execution vulnerability, CVE-2024-38814, with a CVSS score of 8.8, in its...
Read More
CVE-2024-38814 VMware fixes high-severity SQL injection flaw in HCX

Over 90 Zero-Days, 40+ N-Days Exploited In The Wild

By infosecbulletin / Thursday , October 17 2024
Mandiant researchers found that over 90 zero-day vulnerabilities and more than 40 known vulnerabilities were exploited in the wild. Vulnerabilities...
Read More
Over 90 Zero-Days, 40+ N-Days Exploited In The Wild

Oracle Security Update, 334 Vulnerabilities Patched

By infosecbulletin / Wednesday , October 16 2024
Oracle's October 2024 Critical Patch Update has fixed 334 security vulnerabilities in its products. The CPU affects 28 Oracle product...
Read More
Oracle Security Update, 334 Vulnerabilities Patched

While source code disclosure might seem like a technical concern, the implications can be far-reaching. Attackers could exploit this vulnerability to:

Gain a deeper understanding of the server environment: This could lead to more advanced cyberattacks aimed at exploiting specific software versions or configurations.

Identify vulnerabilities in the revealed code: This may result in additional attacks, possibly compromising the entire server or connected systems.

Steal sensitive data: If the code is exposed, it could lead to severe consequences.

The Apache team advises all users to upgrade from version 2.4.60 to 2.4.61. This update fixes a source code disclosure flaw and other vulnerabilities and bugs found in the previous version.

To learn about the vulnerabilities fixed in Apache HTTP Server 2.4.61, visit the official security advisory on the Apache website. Also, enhance your security by using web application firewalls, intrusion detection systems, and regular vulnerability scanning to protect against new threats.

Check Also

nist

NIST unveils new password guidelines 2024: 11 rules to follow

The National Institute of Standards and Technology (NIST) has issued new guidelines for password security, …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin