A security vulnerability was recently discovered in Apache servers. The vulnerability has been named CVE-2022-30522 and enables a denial-of-service (DDoS) attack via the mod_sed module.
This is the second time in a relatively short period that such a security vulnerability has been discovered in Apache storage servers. In March 2022, a vulnerability was discovered in Apache's memory, which allowed attackers to perform actions in the server's memory. This security vulnerability was discovered in version 2.4 servers and is relevant to lower versions of Apache, of course. The vulnerability was quickly fixed, but it appears that the fix created a new security vulnerability.
To fix the vulnerability, update the server to Apache HTTPD version 2.4.54. If you have a website hosted on an Apache server, we recommend contacting your hosting service to check whether the servers are regularly updated to the latest versions as part of proper server maintenance, and of course to ensure that you have full backups of all the materials stored in the storage.
Linux Hosting offers its customers LiteSpeed servers (rather than Apache) for reasons of speed and security.
For those interested in reading more in depth, you can find additional technical information here.