This vulnerability was disclosed as part of the security update announcement for the fix that Apache released in HTTP Server version 2.4.49. Impacted systems should be upgraded to the latest version, 2.4.49, immediately.
Are McAfee Enterprise products impacted by this vulnerability?
McAfee Enterprise is reviewing all products within our portfolio to evaluate potential impact and risk to customers. This step is being done carefully to make sure that further actions, if and as needed, can be prioritized appropriately within respective product teams.
NOTE: The ePolicy Orchestrator (ePO) Apache implementation doesn’t load mod_proxy, so ePO isn’t affected by this vulnerability. For the list of Apache modules that ePO loads, see:
KB82555 - ePolicy Orchestrator Sustaining Engineering Statement (SBC1407112) - ePO and modules included with the Apache HTTP server.
This article will be updated accordingly as more information is available.
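The note above ties exposure to whether mod_proxy is loaded, and the fix to version 2.4.49. The following Python is an added example, not McAfee Enterprise or Apache code, that applies the same two checks to the text printed by `httpd -v` and `httpd -M`. It assumes any version below 2.4.49 lacks the fix; the sample outputs are constructed.

```python
import re

FIXED = (2, 4, 49)  # release that carries the fix, per the article

def parse_version(httpd_v_output):
    """Extract (major, minor, patch) from `httpd -v` output, or None."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", httpd_v_output)
    return tuple(int(x) for x in m.groups()) if m else None

def loaded_modules(httpd_m_output):
    """Return the module names listed in `httpd -M` output."""
    return set(re.findall(r"^\s*(\w+_module)\s+\((?:static|shared)\)",
                          httpd_m_output, re.MULTILINE))

def triage(httpd_v_output, httpd_m_output):
    """Classify one server from its version banner and module list."""
    version = parse_version(httpd_v_output)
    if version is None:
        return "unknown: could not read version"
    if version >= FIXED:
        return "fixed: running %d.%d.%d" % version
    modules = loaded_modules(httpd_m_output)
    if not modules:
        # An empty list means the -M output was not captured; do not
        # report "not exposed" on missing evidence.
        return "unknown: no module list for %d.%d.%d" % version
    if "proxy_module" in modules:
        return "upgrade: %d.%d.%d with mod_proxy loaded" % version
    return "not exposed: %d.%d.%d, mod_proxy not loaded" % version

# Constructed sample outputs (assumed hosts, not taken from the article).
SAMPLE_V = "Server version: Apache/2.4.48 (Unix)\nServer built:   Jan  1 2021\n"
SAMPLE_M_PROXY = ("Loaded Modules:\n core_module (static)\n"
                  " proxy_module (shared)\n proxy_http_module (shared)\n")
SAMPLE_M_NO_PROXY = ("Loaded Modules:\n core_module (static)\n"
                     " ssl_module (shared)\n")

if __name__ == "__main__":
    for mods in (SAMPLE_M_PROXY, SAMPLE_M_NO_PROXY, ""):
        print(triage(SAMPLE_V, mods))
```
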
How can McAfee Enterprise product solutions help?
It’s always advised, and a best practice, to make sure that software and operating systems are kept up to date with available updates and security updates as they’re released. McAfee Enterprise also recommends evaluating and implementing general countermeasures against entry-level threats where suited in your environment; for more information, see:
KB91836 - Countermeasures for entry vector threats.
McAfee Enterprise is evaluating product coverage across our portfolio of security solutions for identification, detection, and prevention against this vulnerability. This article will be updated accordingly as possible coverage opportunities and countermeasures are identified.