The Apache Software Foundation has released a new version of the Apache HTTP Server, 2.4.52, to address two flaws – one scored high and the other critical – in one of the world’s leading web servers. The high-ranked vulnerability affects HTTP server version 2.7 and could allow for configuration mixing forward and reverse proxy declarations, leading to a crash when ProxyRequests are turned on. The lesser flaw could also allow attackers to exploit a server-side request forgery that could lead to data or credential theft. There have been no known exploits of the vulnerabilities in the wild to date.”]
Source: https://www.cuinfosecurity.com/2-vulnerabilities-discovered-in-apache-http-server-a-18208