On Univention 4.4 or 5.0, which use an old apache2 version (UCS 4.4 uses Apache 2.4.25), there is a vulnerability, CVE-2017-7668. How can I solve it, to avoid the vulnerability in my environment?
Can I update apache2 to the latest version, 2.4.48, and will the system run successfully?


CVE-2017-7668 was patched via Errata 4.2-3.324. Please note that the version numbering can differ, so to see if a vulnerability persists I would recommend to search for it like so:

Thank you sir, sorry, my mistake: my vulnerability is CVE-2021-31618, Apache 2.4.x < 2.4.48 Vulnerability.

"The version of Apache httpd installed on the remote host is prior to 2.4.48. It is, therefore, affected by a
vulnerability as referenced in the 2.4.48 changelog.

  • mod_http2: Fix a potential NULL pointer dereference (CVE-2021-31618)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version

Installed version : 2.4.25
Fixed version : 2.4.48

On Univention 4.4, the latest version of apache2 is 2.4.25. Nessus suggests that I update apache2 to 2.4.48. Can I do it?

As I advised, you should search for the CVE in the errata search, so for CVE-2021-31618 this would be
As you can see, the vulnerability was fixed with errata 5.0-0.45 for UCS 5 and errata 4.4-8.1008 for UCS 4.

Nessus indicates that it only checked the package version number:

So the vulnerability was patched and there is no need to update the package as the version number does not indicate the patch level.
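The check described in the reply above can also be made on the host itself, because a Debian-format package changelog records backported fixes by CVE ID. The following is an added example, not part of the original thread or Univention's tooling: the function name `cve_fixed_in` is hypothetical, the sample changelog and its version strings are constructed, and it assumes the package ships `/usr/share/doc/apache2/changelog.Debian.gz`.

```shell
#!/bin/sh
# Constructed sample in changelog.Debian format (newest entry first).
# Versions, dates and the id CVE-2021-316180 are made up for illustration.
sample_changelog() {
cat <<'EOF'
apache2 (2.4.25-3+constructed3) stable-security; urgency=medium

  * Follow-up for CVE-2021-31618: fix regression in mod_http2 patch.

 -- Constructed Maintainer <maint@example.invalid>  Thu, 01 Jul 2021 00:00:00 +0000

apache2 (2.4.25-3+constructed2) stable-security; urgency=high

  * mod_http2: backport NULL pointer dereference fix (CVE-2021-31618).

 -- Constructed Maintainer <maint@example.invalid>  Tue, 01 Jun 2021 00:00:00 +0000

apache2 (2.4.25-3+constructed1) stable; urgency=medium

  * Constructed entry with a longer id: CVE-2021-316180.

 -- Constructed Maintainer <maint@example.invalid>  Sat, 01 May 2021 00:00:00 +0000
EOF
}

# cve_fixed_in CVE-ID [changelog-file]   (reads stdin when no file is given)
# Prints the version of the OLDEST entry that mentions the CVE, i.e. the
# first build carrying the backport. Exit status 1 if it is never mentioned.
cve_fixed_in() {
    awk -v cve="$1" '
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / { ver = $2; gsub(/[()]/, "", ver); next }
        {
            line = $0
            while ((i = index(line, cve)) > 0) {
                nxt = substr(line, i + length(cve), 1)
                # Reject a match that is only the prefix of a longer CVE number.
                if (nxt !~ /[0-9]/) found = ver   # later lines are older entries
                line = substr(line, i + length(cve))
            }
        }
        END { if (found == "") exit 1; print found }
    ' "${2:--}"
}

# Demo on the constructed data. On a real host, pipe in
#   zcat /usr/share/doc/apache2/changelog.Debian.gz
# and compare the result with: dpkg-query -W -f='${Version}\n' apache2
sample_changelog | cve_fixed_in CVE-2021-31618
```

A non-zero exit status only means the changelog does not name the CVE; that is also what you get when the packaged version was never affected, as with CVE-2021-41773 discussed later in the thread.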


Thank you, very helpful.

There was a new Apache vuln published with the CVE-2021-41773. Is there any estimated errata update for closing this?

CVE-2021-41773 only affects Apache 2.4.49 and not earlier versions. UCS4 still uses Apache 2.4.25 and UCS5 Apache 2.4.38.

2.4.38 is also known for multiple vulnerabilities like CVE-2020-11984. So there is no ETA for 2.4.50?

It's already fixed in 2.4.38-3+deb10u5A see