• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
qnap advises users to update nas firmware to patch apache

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities

You are here: Home / General Cyber Security News / QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities
April 22, 2022

Network-connected storage (NAS) appliance maker QNAP on Thursday stated it is really investigating its lineup for probable effects arising from two security vulnerabilities that have been addressed in the Apache HTTP server previous thirty day period.

The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the CVSS scoring method and impression Apache HTTP Server variations 2.4.52 and previously –

  • CVE-2022-22721 – Possible buffer overflow with incredibly huge or unlimited LimitXMLRequestBody
  • CVE-2022-23943 – Out-of-bounds Create vulnerability in mod_sed of Apache HTTP Server

The two the vulnerabilities, alongside CVE-2022-22719 and CVE-2022-22720, were remediated by the task maintainers as component of model 2.4.53, which was delivered on March 14, 2022.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


CyberSecurity

“Though CVE-2022-22719 and CVE-2022-22720 do not affect QNAP goods, CVE-2022-22721 has an effect on 32-little bit QNAP NAS types, and CVE-2022-23943 affects people who have enabled mod_sed in Apache HTTP Server on their QNAP product,” the Taiwanese enterprise explained in an notify printed this 7 days.

In the absence of readily accessible security updates, QNAP has made available workarounds, including “retaining the default benefit ‘1M’ for LimitXMLRequestBody” and disabling mod_sed, introducing that the mod_sed feature is disabled by default in Apache HTTP Server on NAS units running the QTS running process.

The advisory will come virtually a thirty day period after it disclosed that it is really doing the job to solve an infinite loop vulnerability in OpenSSL (CVE-2022-0778, CVSS rating: 7.5) and produced patches for the Dirty Pipe Linux flaw (CVE-2022-0847, CVSS score: 7.8).

Observed this write-up interesting? Abide by THN on Facebook, Twitter  and LinkedIn to go through additional special information we submit.


Some components of this post are sourced from:
thehackernews.com

Previous Post: «cisco releases security patches for telepresence, roomos and umbrella va Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA
Next Post: Crypto-Mining Botnet Goes After Misconfigured Docker APIs Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room
  • Link Found Connecting Chaos, Onyx and Yashma Ransomware
  • Zoom Patches ‘Zero-Click’ RCE Bug
  • Messages Sent Through Zoom Can Expose People to Cyber-Attack
  • Verizon Report: Ransomware, Human Error Among Top Security Risks
  • How Secrets Lurking in Source Code Lead to Major Breaches
  • Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them
  • UK Government Cybersecurity Advisory Board Applications Now Open
  • Better together: Accelerating security and success for MSPs with automation
  • GoodWill Ransomware Demands People Help the Most Vulnerable

Copyright © TheCyberSecurity.News, All Rights Reserved.