Jump to content

Apache HTTP Proxy - Version 2.4.52


st3fan
 Share

Recommended Posts

Is the HTTP proxy affected by CVE-2021-44224 or CVE-2021-44790 (see https://httpd.apache.org/security/vulnerabilities_24.html)?

I would assume yes for CVE-2021-44224 since it is configured as a forward proxy (ProxyRequests on) and no for CVE-2021-44790 since mod_lua is not enabled. Would appreciate if ESET admins could clarify and update the now outdated apachehttp.zip (https://www.eset.com/int/business/download/eset-protect/#standalone) from 2.4.51 to 2.4.52.

Thank you,
Stefan
 

Link to comment
Share on other sites

  • 2 weeks later...

Hi,

Clarification on CVE-2021-44832 would also be helpful, we have currently disabled our onsite ESET Apache HTTP Proxy v 2.4.48.0, luckily most users are working from home.

Summary:
ESET Apache HTTP Proxy v 2.4.51.0 CVE-2021-42013 fixed but not CVE-2021-44790 & CVE-2021-44224

New version Apache HTTP Proxy not available from ESET yet 2.4.52.0 CVE-2021-44790 & CVE-2021-44224 fixed, CVE-2021-44832 not fixed.

Link to comment
Share on other sites

On 12/23/2021 at 8:01 AM, Peter Randziak said:

Hello @st3fan,

I'm checking it with the dev team.

Regards, Peter

Any response yet?

Link to comment
Share on other sites

On 1/7/2022 at 11:42 AM, Peter Randziak said:

Hello guys,

a new version of Apache HTTP Proxy based on 2.4.52 will be built and released.

Regards, Peter

Do we have a timescale?
We're trying to be patient.

Link to comment
Share on other sites

  • ESET Moderators

Hello @BobK,

The teams responsible are working on it, but the whole process takes some time and the release dates are not being disclosed in advance...

Thank you for being patient.

Peter

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...