Apache has recently made an announcement, revealing a major security vulnerability/exploit where servers running in Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
Update Your Systems!
For those running Apache to their servers, we’d recommend updating as soon as possible. To do this on a CentOS based server, simply run:
yum -y update
Servers running cPanel/WHM have already been automatically upgraded. Or if not, you can manually upgrade it by running:
yum -y update ea-apache24*
After updating Apache, you can verify your current Apache version by running the following command, which should read Apache 2.4.39 or higher.
Frequently Asked Question: Are servers running LiteSpeed Web Server affected?
No, it is not. This only affects servers running Apache version 2.4.17 to 2.4.38.