Apache Releases Security Update for HTTP Server

Original release date: December 22, 2021

The Apache Software Foundation has released Apache HTTP Server 2.4.52. This version addresses vulnerabilities—CVE-2021-44790 and CVE-2021-44224—that a remote attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Apache announcement and update as soon as possible.

This product is provided subject to this Notification and this Privacy & Use policy.