Philips—Systems Using Apache HTTP Server​: May Have Cybersecurity Vulnerabilities

ECRI's complete weekly summary of medical device hazard and recall information is available in ECRI's Health Device Alerts. For more information contact us at clientservices@ecri.org.

Problem:In a December 10, 2021, Security Advisory, Philips states that it is monitoring developments and updates related to recently released reports that confirm an active exploitation of a previously fixed server-side request forgery vulnerability (CVE-2021-40438) in Apache's HTTP Server. The vulnerability affects HTTP Server versions 2.4.48 and earlier. The manufacturer has not confirmed the...