Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
jberg712
Contributor

Recently Discovered Apache vulnerability cve-2021-44790

Hi,

I just recently came upon an article regarding cve-2021-44790.  Its a buffer overflow regarding mod_lua in Apache HTTPD.  It looks like it moved it's CVSS score to 9.8.  I don't see an IPS protection and was wondering if something will come out or if this is a concern... especially with the recent take in R80.40 having an upgrade to Apache to version 2.4.51 which is a vulnerable version.

Jonathan

0 Kudos
2 Replies
genisis__
Advisor

It looks like the cve is rectified in Apache 2.4.52, so it may be the case Checkpoint will update to Apache 2.4.52, but only as matter of good practise.  I suspect Checkpoint is not actually vulnerable.

Lets see what the official response is, and of course a signature update would be most welcome.

_Val_
Admin
Admin

There are two questions :

  1. Is Check Point affected by CVE-2021-44790? - The answer is NO, we are not vulnerable.
  2. Is there IPS signature? - not just yet, as there is no know exploit to create one.

 

0 Kudos