Knowledge Base

Vulnerability CVE-2021-44790 for Apache HTTP Server

Situation

The vulnerability CVE-2021-44790 affects mod_lua module from Apache HTTP Server.

Impact

Plesk itself is not affected by the vulnerability. We also do not ship the mod_lua module in our repositories.

However, the Apache web server packages are installed from the official OS vendors' repositories, and some operating systems ship and enable this module by default (for example, every supported RHEL system).

Call to Action

To protect customers’ website that might be affected by the vulnerability, follow the recommendations from the OS vendor/package maintainer and always keep the system up to date.

Plesk has an embedded mechanism to update system packages:

Plesk Administrator's Guide: System Updates

It is also possible to temporarily disable the mod_lua module:

via Plesk UI:
How to enable/disable Apache modules shipped with Plesk
via CLI:

# plesk sbin httpd_modules_ctl --disable lua

Related Posts

Your Complete .htaccess Guide: Including .htaccess Basics and More

NGINX vs Apache – Which Is the Best Web Server in 2024?

Top Web Servers For Linux And Windows

Knowledge Base

CVE-2021-44224: Apache HTTP Server vulnerability

Advanced Monitoring shows the following error in Plesk on Ubuntu 18/Debian 9: The tab content cannot be loaded because the Grafana service is stopped

Where are the Node.js logs located?

Unable to repair web configuration: mktemp: failed to create file via template ‘/etc/nginx/plesk.conf.d/server.conf.XXXXXX’: No such file or directory

Hosting Wiki