Apache基金會修補網頁伺服器HTTP Server的原始碼洩露弱點
支付動態 · 2024-07-11
7月初Apache基金會針對網頁伺服器系統HTTP Server發布更新,當中修補高風險層級漏洞CVE-2024-39884,若不處理,網頁伺服器就有可以面臨原始碼洩露的風險
上週Apache基金會發布2.4.61版網頁伺服器系統HTTP Server,主要是修補一項漏洞CVE-2024-39884,這項漏洞帶來的影響,是在handlers組態透過AddType設置時,有可能導致原始碼資訊洩漏的情況,在2.4.60版以前的HTTP Server都可能會曝險。
這項漏洞發生的原因,在於此網頁伺服器系統核心有個遞迴(regression)處理流程中,會忽略採用的部分舊版內容類型(content-type)。在AddType或類似的組態環境裡,某些間接請求檔案的情況,就有可能導致本機原始碼洩露的情況。
關於這項漏洞的嚴重程度,Apache基金會先將其列為高風險(Important)層級,但目前尚未公布CVSS風險評分。
Popular articles
Major UK banks join new Gambling Harms Action Lab
Regulation
Irish lawmakers at odds over change in gambling bill allowing ‘inducements’
Sports Betting
NFL player calls out NFL fans upset about bets: ‘We’re human too’
Sports Betting
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
Industry sources: Time to pump the brakes a little on an Alberta online market rollout
Sports Betting
Netherlands goverment proses raising the minimum age for online casino slots
Regulation
Dutch gambling regulator wanrs lottery over advertorial
Regulation
The GAT Events 2025 Circuit Kicks Off in Cartagena de Indias
HUIDU Focus
GamingTECH CEE Awards 2025: The Online Voting Battle Begins February 12!
Online Casino
ESPN Bet collects $3M handle in New York mobile debut
Sports Betting
GeoComply report: Betting while at NFL games soaring so far this season
Sports Betting
Denise Coates’ charity may have saved Bet365 more in tax than it has given to good causes
Sports Betting
Colombia to hike online gambling tax rate
Regulation
French Gambling Giant FDJ Completes €2.5bn Kindred Group Purchase
Regulation
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
