A critical vulnerability has been found in the most widely used server software that could allow malware to be introduced to many servers available on the Internet. This type of attack is known as remote code execution, and it has already been used in attacks against WordPress installations, for example.
The case
A vulnerability has been found in the popular Apache server software that could allow malware to be introduced to many servers available on the Internet.
Just before the end of the year, a severe vulnerability that has most experts worried was discovered: the Java implementation used in the Apache Software Foundation server software is flawed and could, in some cases, turn servers accessible via the Internet into data leaks. The hackers also seized the opportunity with record speed: 12 hours after the vulnerability was discovered, the first code that could get through the flaw was created.
A version was even uploaded to Github, a software that can use crafted requests to deliver malicious code to Apache Struts 2, Apache Solr, Apache Druid, or Apache Flink servers.
The vulnerability is particularly dangerous because of the many websites worldwide served by Apache server software. According to an analyst at Cloudflare, there is probably hardly a company in the world that is not exposed to some degree of risk from the flaw. A list of companies affected is already circulating on the web, apparently including all the giants such as Amazon, Apple, and Twitter.
They may be even more affected because they may not have a specialist on staff who can immediately ensure that the necessary security updates are installed. The FBI is also dealing with the bug, and its seriousness is shown by the fact that it was immediately classified as the most dangerous category.
Apache servers
The Apache project, which produces the webserver Apache, was started in 1995 by the four founders of the Internet: Rob McCool, Brian Behlendorf, Roy Fielding, and David Filo.
Apache is an open-source web server written in the C programming language. Known as a “daemon,” Apache is responsible for serving web pages to users, and it provides developers with a platform on which they can build their web applications.
Conclusion
While this exploit has not yet been used to introduce malware to servers, it still should be taken seriously because the number of potentially infected sites on the Internet is staggering. As a result of this discovery, patches are now available to protect Apache servers from being exploited by malware.