[SECURITY VULNERABILITY] Apache HTTP 2.4.17 to 2.4.38 Local Root Exploit

Apache has recently announced a major security vulnerability in Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38. With MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

More Details:

Update Your Systems!

For those running Apache on their servers, we’d recommend updating as soon as possible. To do this on a CentOS-based server, simply run:

yum -y update

Servers running cPanel/WHM have already been automatically upgraded. If yours has not, you can manually upgrade it by running:

yum -y update ea-apache24*

After updating Apache, you can verify your current Apache version by running the following command, which should report Apache 2.4.39 or higher.

httpd -v
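
To run this check across many hosts, the version comparison can be scripted. The following is an added example, not part of the original announcement or of Apache's own tooling; the function names and the sample output are constructed for illustration, and it compares only the upstream version string against the 2.4.17 to 2.4.38 range stated above.

```shell
#!/bin/sh
# Added example: classify `httpd -v` output against the affected range
# stated on this page (2.4.17 to 2.4.38). Function names are hypothetical.

# Constructed sample output, not captured from a real host.
SAMPLE_OUTPUT='Server version: Apache/2.4.37 (centos)
Server built:   Nov  4 2018 12:00:00'

# Pull X.Y.Z out of the "Server version: Apache/X.Y.Z (...)" line.
parse_httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Print affected / not-affected / unknown for a dotted upstream version.
classify_version() {
    case "$1" in
        ''|*[!0-9.]*|*.*.*.*|.*|*.|*..*) echo unknown; return 0 ;;
        *.*.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${1%%.*}; rest=${1#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if [ "$major" -eq 2 ] && [ "$minor" -eq 4 ] &&
       [ "$patch" -ge 17 ] && [ "$patch" -le 38 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Combine both steps: prints "<version> <verdict>", or "? unknown" when
# the input is not recognisable httpd -v output.
check_httpd_output() {
    ver=$(parse_httpd_version "$1")
    printf '%s %s\n' "${ver:-?}" "$(classify_version "$ver")"
}

check_httpd_output "$SAMPLE_OUTPUT"
# On a real host: check_httpd_output "$(httpd -v 2>/dev/null)"
```

Distribution packages sometimes backport fixes without changing the upstream version number, so treat an "affected" verdict as a prompt to check the package changelog rather than as proof.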

Frequently Asked Question: Are servers running LiteSpeed Web Server affected?

No, they are not. This only affects servers running Apache versions 2.4.17 to 2.4.38.