← volver
CVE-2024-39573

Apache HTTP Server: mod_rewrite proxy handler substitution

CVSS 7.5 HIGHEPSS 35.4%CWE-20
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Apache Software Foundation · Apache HTTP Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://seclists.org/fulldisclosure/2024/Oct/11https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://security.netapp.com/advisory/ntap-20240712-0001/http://www.openwall.com/lists/oss-security/2024/07/01/11