WARNING: Apache HTTP 2.4.17 to 2.4.38 Local Root Exploit

ViAdCk

Verified User
Joined
Feb 14, 2005
Messages
267
We got the following alert from Rack911:

Apache HTTP 2.4.17 to 2.4.38 is vulnerable to a local root exploit when mod_prefork, mod_worker and mod_event are used:

https://httpd.apache.org/security/vulnerabilities_24.html

We are hearing reports of exploit(s) already being produced and strongly recommend that everyone update to Apache HTTP 2.4.39 as soon as possible - especially in shared hosting environments!

https://www.apache.org/dist/httpd/Announcement2.4.html

https://www.zdnet.com/article/apache-web-server-bug-grants-root-access-on-shared-hosting-environments/
Apache 2.4.39 is available already, an update would be recommended for all users.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
Hello,

Custombuild already has the update:

Apache 2.4.38 to 2.4.39 update is available.
 
Top