Cisco Releases Security Advisory
Cisco releases update to security advisory addressing products affected by Apache HTTP Server vulnerabilities
Summary
Cisco releases update to security advisory addressing products affected by Apache HTTP Server vulnerabilities
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
Other Cisco products are also affected but updates have not yet been released
Threat details
Introduction
Cisco has released a security advisory for products known to be affected by vulnerabilities in Apache HTTP Server (httpd) 2.4.48 and earlier releases. Details of these vulnerabilities can be found in the Apache HTTP Server 2.4.49 section of the Apache HTTP Server 2.4 vulnerabilities webpage. These vulnerabilities include CVE-2021-40438, a critical vulnerability (CVS v3 9.0) in Apache 2.4.48 and earlier that is being exploited in the wild.
Cisco is continuing to investigate its product line to determine if any other products are affected by these vulnerabilities and will update its advisory accordingly.
Remediation advice
Affected organisations are encouraged to review the Cisco Security Advisory below and apply the available updates.
Organisations should be aware that security updates for some of the confirmed affected products have not yet been released. Cisco are also continuing to investigate other products to identify if they are affected by these vulnerabilities. Organisations are therefore advised to continue to monitor the security advisory for updated information relating to update releases and additional affected products.
Remediation steps
| Type | Step |
|---|---|
| Patch |
Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ |
CVE Vulnerabilities
Last edited: 10 December 2021 2:37 pm