This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jberg712
Contributor
‎2021-12-29 12:36 PM

Recently Discovered Apache vulnerability cve-2021-44790

Hi,

I just recently came upon an article regarding cve-2021-44790.  Its a buffer overflow regarding mod_lua in Apache HTTPD.  It looks like it moved it's CVSS score to 9.8.  I don't see an IPS protection and was wondering if something will come out or if this is a concern... especially with the recent take in R80.40 having an upgrade to Apache to version 2.4.51 which is a vulnerable version.

Jonathan

0 Kudos
2 Replies
genisis__
Leader
Leader
‎2021-12-29 03:00 PM

It looks like the cve is rectified in Apache 2.4.52, so it may be the case Checkpoint will update to Apache 2.4.52, but only as matter of good practise.  I suspect Checkpoint is not actually vulnerable.

Lets see what the official response is, and of course a signature update would be most welcome.

_Val_
Admin
Admin
‎2021-12-30 02:23 AM

There are two questions :

  1. Is Check Point affected by CVE-2021-44790? - The answer is NO, we are not vulnerable.
  2. Is there IPS signature? - not just yet, as there is no know exploit to create one.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events