Guidance for Apache HTTP Server 2.4 vulnerabilities

dpuigdomenec — Thu, 23 May 2024 16:41:34 GMT

Last update 23/MAY/2024

Advisory:

Guidance for Apache HTTP Server 2.4 vulnerabilities described in the official apache.org site: https://httpd.apache.org/security/vulnerabilities_24.html

Affected version:Fix for CVE detected on Apache HTTP Server 2.4 versions from 2.4.1 to 2.4.59.

Update 2.4.59 released	2024-04-04
Affects	<=2.4.58

Execute below command to check the version of Apache HTTP Server 2.4:

sudo apt list --installed | grep apache

If the output showing version less than 2.4.59, you will need to perform the steps to upgrade the apache2 libraries.

Prerequisites: Your Expedition VM should have connectivity to http://ppa.launchpad.net and subdomains. ONLY required to do the libraries upgrade.

Note: Optionally consider to take an snapshot of your VM.

In Expedition CLI execute below commands:

Update the package repository:
sudo apt-add-repository ppa:ondrej/apache2
Install deb lib packages:
sudo apt-get install apache2
Check packages are installed
sudo apt list --installed | grep apache
Expected output:
apache2-bin/focal,now 2.4.59-1+ubuntu20.04.1+deb.sury.org+1 amd64 [installed,automatic] apache2-data/focal,now 2.4.59-1+ubuntu20.04.1+deb.sury.org+1 all [installed,automatic] apache2-utils/focal,now 2.4.59-1+ubuntu20.04.1+deb.sury.org+1 amd64 [installed,automatic] apache2/focal,now 2.4.59-1+ubuntu20.04.1+deb.sury.org+1 amd64 [installed] libapache2-mod-php7.0/now 7.0.33-57+ubuntu20.04.1+deb.sury.org+1 amd64 [installed,upgradable to: 7.0.33-74+ubuntu20.04.1+deb.sury.org+1]
Make /tmp folder writable for apache2 service
- Open file to edit: sudo vi /lib/systemd/system/apache2.service
- Change setting PrivateTmp from true to false (PrivateTmp=false)
- Save file and restart below services: sudo systemctl daemon-reload; sudo systemctl restart apache2
Access via UI and restart the Task Management