National Cyber Security Authority | Advisory: Apache CVE

Report Incident

× Home Cybertech Africa 2023 2 DPO Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Advisory: Apache CVE

Apache has released a security update to address a vulnerability affecting different versions of their software (CVE-2022-42889).

Affected systems

This vulnerability is affecting versions starting with version 1.5 and continuing through 1.9.

Security Risks

This vulnerability may allow remote code execution or unintentional contact with remote servers if untrusted configuration values are used.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends to system administrators:

a. Follow the advisory shared by Apache and apply suggested mitigations to lower the risk of vulnerability exploitation.

b. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.

c. Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889

https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

19 October 2022

More updates

20 December 2022

Advisory: VMware Security Advisory

VMware released security updates for its products to address the heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI).

30 October 2022

Advisory: Apple iOS and macOS Flaw’s security advisory

Apple has released security updates to address vulnerabilities in iOS and macOS, including a new zero-day flaw that is being actively exploited by…

30 October 2022

Advisory: Google Zero-day vulnerability Patch Advisory

Google has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in…

19 October 2022

Advisory: Zimbra CVE

Zimbra has released security updates to address vulnerabilities affecting Ubuntu and Redhat installation versions.

Address

8 KG 7 St, Kacyiru, Kigali-Rwanda

Telecom House, 5th Floor

Contact Us

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224

Privacy Policy

Rw-CSIRT website

Newsletter

Subscribe to our newsletter to be the first to know about our latest updates.

© 2024 National Cyber Security Authority