- 224/2024
- Critical
Tenable has released security updates in Security Center Patch SC-202408.1 to fix multiple vulnerabilities across Apache to version 2.4.62 and libcurl to version 8.8.0.
The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, obtain sensitive information, perform denial of service attacks, or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Apache HTTP Server Code Execution Vulnerability (CVE-2024-38474):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Apache HTTP Server Security Bypass Vulnerability (CVE-2024-38473):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.