PWEB server is running a version of Apache affected.
Our prod web server is running a version of the Apache affected by by
CVE-2023-36760, which is a critical vulnerability affecting versions of
Apache server <= 2.4.54.
CVE-2023-36760 allows for potential HTTP request smuggling from the Apache server through the Apache JServ Protocol (AJP) to the application server.
How do I check whether AJP is being utilized to proxy requests from the WEB server to the APPlication server? Also does that mean that if our WEB server does not use AJP, then that means we shouldn’t
need to worry about this vulnerability and do not need to upgrade to the new Apache version, 2.4.55? Please clarify. Thank you, Pashia |