Jump to content

Apache CVE-2006-20001 / CVE-2022-36760 / CVE-2022-37436

Recommended Posts

  • Moderators

As you may be aware, Apache recently released version 2.4.55 to address three vulnerabilities (https://httpd.apache.org/security/vulnerabilities_24.html). Our development team has reviewed all three (CVE-2006-20001/CVE-2022-36760/CVE-2022-37436) and found that FileWave is not vulnerable to any of them. Two of the modules are not used and the third module exploit is not relevant for our implementation. 

We plan to incorporate Apache version 2.4.55 or later in the next possible release, however, due to FileWave 14.10.0 currently going through QA, we have determined that it is not necessary to derail its release for a vulnerability that cannot be executed. If Apache releases further information about this or any additional vulnerabilities, we will continue to evaluate our position.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now
  • Create New...