← volver
CVE-2024-43204

Apache HTTP Server: SSRF with mod_headers setting Content-Type header

CVSS 7.5 HIGHEPSS 0.8%CWE-918
SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.  Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request. Users are recommended to upgrade to version 2.4.64 which fixes this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Productos afectados
Apache Software Foundation · Apache HTTP Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://lists.debian.org/debian-lts-announce/2025/08/msg00009.htmlhttp://www.openwall.com/lists/oss-security/2025/07/10/2http://www.openwall.com/lists/oss-security/2025/07/10/4