[MS4W-Users] Apache in MS4W?

Andrew Tegenkamp ategenkamp at interactivegis.com
Fri Oct 15 21:03:36 UTC 2021


We are using MS4W 4.0.5 and so our Apache version is 2.4.46, and were 
recently asked about the "Path Traversal and Remote Code Execution 
vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server" 
as that patch is making the rounds on security and tech sites.

My current best understanding is a quote from a ZDNet article that says 
"This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier 
versions." but I'd like to be sure and confirm this.  That said, I want 
to provide the correct information to the person asking, and am reaching 
out to see if the Apache in MS4W needs a patch, upgrade, or no action.

Can anyone that knows please help me understand this specifically and 
any tips or best practices used to deal with Apache news like this in 
the future?

Thanks.

RE: 
https://www.zdnet.com/article/additional-fixes-released-addressing-apache-http-server-issue/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ms4w.com/pipermail/ms4w-users/attachments/20211015/abf6b490/attachment.htm>


More information about the MS4W-Users mailing list