
Advisory: Apache CVE

Apache has released a security update to address a vulnerability (CVE-2022-42889) affecting several versions of Apache Commons Text.
 
Affected systems
 
This vulnerability affects Apache Commons Text versions 1.5 through 1.9.
 
Security Risks
 
This vulnerability may allow remote code execution or unintentional contact with remote servers if untrusted configuration values are used.
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) strongly recommends that system administrators:
a. Follow the advisory shared by Apache and apply the suggested mitigations to lower the risk of exploitation.
b. Upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
c. Before any update task, ensure that a recent backup exists and can easily be restored.
 
For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.
 
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889
https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

19 October 2022

© 2024 National Cyber Security Authority