{"id":45412,"date":"2022-02-22T00:00:00","date_gmt":"2022-02-22T00:00:00","guid":{"rendered":"urn:uuid:25ed1f86-ea24-1705-0353-3b982ef613ed"},"modified":"2022-02-22T00:00:00","modified_gmt":"2022-02-22T00:00:00","slug":"recent-cyberattacks-target-open-source-web-servers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/","title":{"rendered":"Recent Cyberattacks Target Open-source Web Servers"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/b\/cyberattacks-increasingly-target-open-source-web-servers\/open-web-servers-rnp.jpg\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/b\/cyberattacks-increasingly-target-open-source-web-servers\/open-web-servers-rnp.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><sub>Source: <a href=\"https:\/\/httpd.apache.org\/security\/vulnerabilities_24.html\" target=\"_blank\" rel=\"noopener\">Apache HTTP Server Project<\/a><\/sub><\/p>\n<p><span class=\"body-subhead-title\">Weaponized vulnerabilities lead to great risk<\/span><\/p>\n<p>Not only has the number of total Apache HTTP Server vulnerabilities gone up, but so has the number of weaponized vulnerabilities.<\/p>\n<p>Trend Micro detected that at least 15 of the 57 vulnerabilities found in the past five years were weaponized and used in malicious activities. The most common types of attack include denial of service (DoS), path traversal, server-side request forgery (SSRF), and remote code execution (RCE). Multiple vulnerabilities found in 2021 are proven to have been actively exploited.<\/p>\n<p><span class=\"body-subhead-title\">Table 1: The 15 vulnerabilities weaponized since 2017<\/span><\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\">\n<tbody readability=\"15\">\n<tr>\n<td><b>CVE ID<\/b><\/td>\n<td><b>cvss3 score<\/b><\/td>\n<td><b>Description<\/b><\/td>\n<\/tr>\n<tr readability=\"3\">\n<td>CVE-2021-42013<\/td>\n<td>9.8<\/td>\n<td>Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2021-41773<\/td>\n<td>7.5<\/td>\n<td>Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49<\/td>\n<\/tr>\n<tr>\n<td>CVE-2021-40438<\/td>\n<td>9<\/td>\n<td>mod_proxy SSRF<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2020-11984<\/td>\n<td>9.8<\/td>\n<td>mod_proxy_uwsgi buffer overflow<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2019-10098<\/td>\n<td>6.1<\/td>\n<td>mod_rewrite potential open redirect<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2019-10097<\/td>\n<td>7.2<\/td>\n<td>CVE-2019-10097 mod_remoteip Stack buffer overflow and NULL pointer dereference<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2019-0190<\/td>\n<td>7.5<\/td>\n<td>mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td>CVE-2018-8011<\/td>\n<td>7.5<\/td>\n<td>mod_md, DoS via Coredumps on specially crafted requests<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2018-1303<\/td>\n<td>7.5<\/td>\n<td>Possible out of bound read in mod_cache_socache<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2018-11763<\/td>\n<td>5.9<\/td>\n<td>DoS for HTTP\/2 connections by continuous SETTINGS<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2017-9798<\/td>\n<td>7.5<\/td>\n<td>Use-after-free when using &lt;Limit &gt; with an unrecognized method in .htaccess (&#8220;OptionsBleed&#8221;)<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2017-9788<\/td>\n<td>9.1<\/td>\n<td>Uninitialized memory reflection in mod_auth_digest<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2017-7668<\/td>\n<td>9.8<\/td>\n<td>ap_find_token() Buffer Overread<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2017-7659<\/td>\n<td>7.5<\/td>\n<td>mod_http2 Null Pointer Dereference<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CVE-2017-15715<\/td>\n<td>8.1<\/td>\n<td>&lt;FilesMatch&gt; bypass with a trailing newline in the file name<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><sub>Source: <a href=\"https:\/\/httpd.apache.org\/security\/vulnerabilities_24.html\" target=\"_blank\" rel=\"noopener\">Apache HTTP Server Project<\/a>, Trend Micro Inc., NVD<\/sub><\/p>\n<p><i>CVE-2021-41773<\/i> and <i>CVE-2021-42013<\/i>, the two critical vulnerabilities, are perfect examples of how attackers exploit the vulnerabilities in the Apache HTTP Server.<\/p>\n<p>As Trend Micro <a href=\"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/l\/how-to-detect-apache-http-server-exploitation.html\">reported<\/a>, these two are path traversal vulnerabilities that allow attackers to map URLs to files\/directories outside of the webroot. In certain configurations where Common Gateway Interface (CGI) scripts are enabled for these paths, attackers can achieve RCE on the vulnerable server.<\/p>\n<p>Both discovered in early October 2021, <i>CVE-2021-41773<\/i> and <i>CVE-2021-42013<\/i> were detected with more than four million exploits by the end of 2021.<\/p>\n<p>Another Apache HTTP Server vulnerability, <i>CVE-2021-40438<\/i>, shows how great the impact can be when the vulnerability gets exploited.<\/p>\n<p><i>CVE-2021-40438<\/i> is a vulnerability existing in the mod_proxy module and prone to SSRF. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and inaccessible otherwise. The impact of this flaw varies based on what services and resources are available on the httpd network.<\/p>\n<p><i>CVE-2021-40438<\/i> has a huge impact on products from Cisco, <a href=\"https:\/\/www.ibm.com\/support\/pages\/node\/6528442\" target=\"_blank\" rel=\"noopener\">IBM QRadar SIEM<\/a>, <a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2021-40438\" target=\"_blank\" rel=\"noopener\">Debian Linux<\/a>, <a href=\"https:\/\/support.f5.com\/csp\/article\/K01552024\" target=\"_blank\" rel=\"noopener\">F5 Os<\/a>, <a href=\"https:\/\/access.redhat.com\/security\/cve\/cve-2021-40438\" target=\"_blank\" rel=\"noopener\">Red Hat and more<\/a>. On December 1, 2021, CISA added <i>CVE-2021-40438<\/i> to its list of known exploited vulnerabilities.<\/p>\n<p><span class=\"body-subhead-title\">Schemes behind the attacks<\/span><\/p>\n<p>The attacks that target open-source web servers could lead to enormous threats. Once any web server vulnerability gets exploited and hacked, the victim server can be taken over and used for malicious activities.<\/p>\n<p>The most common activities include using victim servers to send out spam mail or launching attacks against other servers at the cost of the victim server\u2019s memory and bandwidth. Attackers can also install a phishing website on the victim server to gain access to any data that passes through it.<\/p>\n<p>However, the most popular utility of attacks in recent years is cryptojacking: hackers exploit the vulnerability and secretly use the victim server\u2019s computing power to mine popular cryptocurrencies. Trend Micro revealed <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/l\/vulnerabilities-exploited-for-monero-mining-malware-delivered-via-gitHub-netlify.html\">how cyber actors used the vulnerabilities and abuse of GitHub and Netlify repositories to mine Monero<\/a>.<\/p>\n<p>For cybercriminals, Apache HTTP Server is always a favorite target: <a href=\"https:\/\/news.netcraft.com\/archives\/2020\/12\/22\/december-2020-web-server-survey.html\" target=\"_blank\" rel=\"noopener\">It serves 24.63% of the million busiest websites<\/a> according to Netcraft stats. Major web service providers such as <a href=\"https:\/\/stackshare.io\/apache-httpd\" target=\"_blank\" rel=\"noopener\">Slack<\/a>, <a href=\"https:\/\/stackshare.io\/apache-httpd\" target=\"_blank\" rel=\"noopener\">Linkedin, The New York Times, GrubHub, and more<\/a> rely on Apache HTTP Server. For IT professionals, it\u2019s challenging to patch such a vital service and not to harm user satisfaction.<\/p>\n<p>Furthermore, the complexity of the software supply chain nowadays exacerbates the abuse of open-source software vulnerabilities. Cyber attackers could compromise software components of third-party suppliers by inserting malicious code inconspicuously. Compared to the traditional supply chain, the software supply chain requires more layers of verification to ensure its security.<\/p>\n<p><span class=\"body-subhead-title\">Protect your web server against potential harm<\/span><\/p>\n<p>To mitigate the potential risk of attacks from open-source software, software composition analysis (SCA) has become an effective approach. SCA identifies and lists all the parts and versions present in the code. It also checks each specific service and looks for outdated or vulnerable libraries that may pose security risks to the application. These tools can also check for legal issues regarding the use of open-source software with different licensing terms and conditions. Trend Micro published a <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/ph\/security\/news\/virtualization-and-cloud\/supply-chain-attacks-cloud-computing\" target=\"_blank\" rel=\"noopener\">whitepaper<\/a> on how to prevent supply chain attacks in the age of cloud computing in 2020 October.<\/p>\n<p>Developing a risk-based approach to patch management can help organizations identify and prioritize which vulnerabilities they need to deal with now. This approach consists of:<\/p>\n<ol>\n<li>Continuously conducting exposure assessments to determine what CVEs \u2013 <b><u>past <\/u><\/b>and present \u2013 are in your environment at all times.<\/li>\n<li>Assessing the <b><u>criticality<\/u><\/b> of those systems that contain those CVEs.<\/li>\n<li>Conducting a continuous but simple <b><u>risk assessment<\/u><\/b>:\n<ol>\n<li>Assessing the likelihood that those identified CVEs are or will be exploited in the wild against the impact of those CVEs used in an attack.<br \/>i.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Is a POC available<br \/>ii.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Is it in the wild<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>If you struggle with patch management, you may look at virtual patching or IPS technology to help as these can be deployed to detect\/block exploits of a vulnerability and allow you time to properly patch the vulnerability with the vendor\u2019s patch. Trend Micro\u2019s <a href=\"https:\/\/www.zerodayinitiative.com\/about\/\" target=\"_blank\" rel=\"noopener\">Zero Day Initiative<\/a> bug bounty program and our vulnerability research teams help us identify new vulnerabilities and develop virtual patches for our <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/hybrid-cloud\/cloud-one-workload-security.html\">Cloud One<\/a>, <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/network\/intrusion-prevention.html\">TippingPoint<\/a>, <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/endpoint.html\">Apex One<\/a>, and <a href=\"https:\/\/www.trendmicro.com\/en_us\/small-business\/worry-free-services-suites.html\">Worry Free Services<\/a> customers. In some cases, we have virtual patches out months ahead of the vendor patch.<\/p>\n<p>Malicious actors will continue to exploit vulnerable applications, operating systems, and devices in their efforts to attack organizations. Improving your understanding of key applications like Apache can help you better understand where you can minimize your risk of attack.<\/p>\n<ol>\n<\/ol>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/b\/recent-cyberattacks-open-source-web-servers.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malicious actors take advantage of people\u2019s reliance on web servers to perform attacks like remote code execution, access control bypass, denial of service, or even cyberjacking the victim servers to mine cryptocurrencies. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":45413,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9511,9555,9523,9532],"class_list":["post-45412","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-network","tag-trend-micro-research-security-strategies"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Recent Cyberattacks Target Open-source Web Servers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Recent Cyberattacks Target Open-source Web Servers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-22T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/b\/cyberattacks-increasingly-target-open-source-web-servers\/open-web-servers-rnp.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Recent Cyberattacks Target Open-source Web Servers\",\"datePublished\":\"2022-02-22T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/\"},\"wordCount\":1064,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/recent-cyberattacks-target-open-source-web-servers.jpg\",\"keywords\":[\"Trend Micro Research : APT&amp;Targeted Attacks\",\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Exploits&amp;Vulnerabilities\",\"Trend Micro Research : Network\",\"Trend Micro Research : Security Strategies\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/\",\"name\":\"Recent Cyberattacks Target Open-source Web Servers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/recent-cyberattacks-target-open-source-web-servers.jpg\",\"datePublished\":\"2022-02-22T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/recent-cyberattacks-target-open-source-web-servers.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/recent-cyberattacks-target-open-source-web-servers.jpg\",\"width\":641,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/recent-cyberattacks-target-open-source-web-servers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : APT&amp;Targeted Attacks\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-apttargeted-attacks\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Recent Cyberattacks Target Open-source Web Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Recent Cyberattacks Target Open-source Web Servers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/","og_locale":"en_US","og_type":"article","og_title":"Recent Cyberattacks Target Open-source Web Servers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-02-22T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/b\/cyberattacks-increasingly-target-open-source-web-servers\/open-web-servers-rnp.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Recent Cyberattacks Target Open-source Web Servers","datePublished":"2022-02-22T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/"},"wordCount":1064,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/recent-cyberattacks-target-open-source-web-servers.jpg","keywords":["Trend Micro Research : APT&amp;Targeted Attacks","Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Threats","Trend Micro Research : Exploits&amp;Vulnerabilities","Trend Micro Research : Network","Trend Micro Research : Security Strategies"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/","url":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/","name":"Recent Cyberattacks Target Open-source Web Servers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/recent-cyberattacks-target-open-source-web-servers.jpg","datePublished":"2022-02-22T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/recent-cyberattacks-target-open-source-web-servers.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/02\/recent-cyberattacks-target-open-source-web-servers.jpg","width":641,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/recent-cyberattacks-target-open-source-web-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : APT&amp;Targeted Attacks","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-apttargeted-attacks\/"},{"@type":"ListItem","position":3,"name":"Recent Cyberattacks Target Open-source Web Servers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45412"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45412\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/45413"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}