The Apache Software Foundation has released security updates to address multiple vulnerabilities in the Apache HTTP Server. Nine vulnerabilities have been patched, including CVE-2024-39884, CVE-2024-36387, CVE-2024-38477, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476 and CVE-2024-39573.

Affected Systems

• Apache HTTP Server versions prior to 2.4.61

Security Risks

If successfully exploited, the identified vulnerabilities in Apache HTTP Server products could lead to denial of service, information disclosure, and remote code execution on affected systems.

For the full list of security patches released by Apache Software, please refer to the official Apache HTTP Server website at httpd.apache.org.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends system administrators to:

• Upgrade to the latest supported version of the installed software as soon as possible to ensure continued access to technical support and security patches.

The recommended software version to upgrade to is: Apache HTTP Server version 2.4.61

• Before performing any update tasks, ensure that you have a backup of your data to prevent potential data loss during the upgrade process.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://httpd.apache.org/security/vulnerabilities_24.html

• https://downloads.apache.org/httpd/Announcement2.4.html