https://community.checkpoint.com/t5/General-Topics/Recently-Discovered-Apache-vulnerability-cve-2021-44790/m-p/137410#M24531 <P>Hi,</P><P>I just recently came upon an article regarding&nbsp;cve-2021-44790.&nbsp; Its a buffer overflow regarding mod_lua in Apache HTTPD.&nbsp; It looks like it moved it's CVSS score to 9.8.&nbsp; I don't see an IPS protection and was wondering if something will come out or if this is a concern... especially with the recent take in R80.40 having an upgrade to Apache to version 2.4.51 which is a vulnerable version.</P><P>Jonathan</P> Wed, 29 Dec 2021 20:36:03 GMT jberg712 2021-12-29T20:36:03Z https://community.checkpoint.com/t5/General-Topics/Recently-Discovered-Apache-vulnerability-cve-2021-44790/m-p/137410#M24531 <P>Hi,</P><P>I just recently came upon an article regarding&nbsp;cve-2021-44790.&nbsp; Its a buffer overflow regarding mod_lua in Apache HTTPD.&nbsp; It looks like it moved it's CVSS score to 9.8.&nbsp; I don't see an IPS protection and was wondering if something will come out or if this is a concern... especially with the recent take in R80.40 having an upgrade to Apache to version 2.4.51 which is a vulnerable version.</P><P>Jonathan</P> Wed, 29 Dec 2021 20:36:03 GMT https://community.checkpoint.com/t5/General-Topics/Recently-Discovered-Apache-vulnerability-cve-2021-44790/m-p/137410#M24531 jberg712 2021-12-29T20:36:03Z https://community.checkpoint.com/t5/General-Topics/Recently-Discovered-Apache-vulnerability-cve-2021-44790/m-p/137411#M24532 <P>It looks like the cve is rectified in Apache 2.4.52, so it may be the case Checkpoint will update to Apache 2.4.52, but only as matter of good practise.&nbsp; I suspect Checkpoint is not actually vulnerable.</P> <P>Lets see what the official response is, and of course a signature update would be most welcome.</P> Wed, 29 Dec 2021 23:00:35 GMT https://community.checkpoint.com/t5/General-Topics/Recently-Discovered-Apache-vulnerability-cve-2021-44790/m-p/137411#M24532 genisis__ 2021-12-29T23:00:35Z https://community.checkpoint.com/t5/General-Topics/Recently-Discovered-Apache-vulnerability-cve-2021-44790/m-p/137423#M24534 <P>There are two questions :</P> <OL> <LI>Is Check Point affected by&nbsp;<SPAN>CVE-2021-44790? - The answer is NO, we are not vulnerable.</SPAN></LI> <LI><SPAN>Is there IPS signature? - not just yet, as there is no know exploit to create one.</SPAN></LI> </OL> <P>&nbsp;</P> Thu, 30 Dec 2021 10:23:35 GMT https://community.checkpoint.com/t5/General-Topics/Recently-Discovered-Apache-vulnerability-cve-2021-44790/m-p/137423#M24534 _Val_ 2021-12-30T10:23:35Z