Philips—Systems Using Apache HTTP Server: May Have Cybersecurity Vulnerabilities
December 15, 2021 | Strategic Insights for Health System
Preview
ECRI's complete weekly summary of medical device hazard and recall information is available in ECRI's Health Device Alerts. For more information contact us at clientservices@ecri.org.
Problem:In a December 10, 2021, Security Advisory, Philips states that it is monitoring developments and updates related to recently released reports that confirm an active exploitation of a previously fixed server-side request forgery vulnerability (CVE-2021-40438) in Apache's HTTP Server. The vulnerability affects HTTP Server versions 2.4.48 and earlier. The manufacturer has not confirmed the...