CVE-2024-39573 – Apache HTTP Server: mod_rewrite proxy handler substitution
https://notcve.org/view.php?id=CVE-2024-39573
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. El potencial SSRF en mod_rewrite en Apache HTTP Server 2.4.59 y versiones anteriores permite a un atacante provocar que RewriteRules inseguras configuren inesperadamente URL para que sean manejadas por mod_proxy. Se recomienda a los usuarios actualizar a la versión 2.4.60, que soluciona este problema. A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module. • https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0001 https://access.redhat.com/security/cve/CVE-2024-39573 https://bugzilla.redhat.com/show_bug.cgi?id=2295022 • CWE-20: Improper Input Validation •
CVE-2024-38477 – Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
https://notcve.org/view.php?id=CVE-2024-38477
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. La desreferencia del puntero nulo en mod_proxy en Apache HTTP Server 2.4.59 y versiones anteriores permite a un atacante bloquear el servidor mediante una solicitud maliciosa. Se recomienda a los usuarios actualizar a la versión 2.4.60, que soluciona este problema. A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, and resulting in a denial of service. • https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0001 https://access.redhat.com/security/cve/CVE-2024-38477 https://bugzilla.redhat.com/show_bug.cgi?id=2295016 • CWE-476: NULL Pointer Dereference •
CVE-2024-38476 – Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
https://notcve.org/view.php?id=CVE-2024-38476
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue. La vulnerabilidad en el núcleo de Apache HTTP Server 2.4.59 y versiones anteriores es vulnerable a la divulgación de información, SSRF o ejecución de scripts locales a través de aplicaciones backend cuyos encabezados de respuesta son maliciosos o explotables. Se recomienda a los usuarios actualizar a la versión 2.4.60, que soluciona este problema. A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution. • https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0001 https://access.redhat.com/security/cve/CVE-2024-38476 https://bugzilla.redhat.com/show_bug.cgi?id=2295015 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2024-38475 – Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
https://notcve.org/view.php?id=CVE-2024-38475
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. El escape inadecuado de la salida en mod_rewrite en Apache HTTP Server 2.4.59 y versiones anteriores permite a un atacante asignar URL a ubicaciones del sistema de archivos que el servidor permite servir, pero a las que no se puede acceder intencional o directamente mediante ninguna URL, dando como resultado la ejecución del código o la divulgación del código fuente. Las sustituciones en el contexto del servidor que utilizan referencias inversas o variables como primer segmento de la sustitución se ven afectadas. Este cambio romperá algunas RewiteRules inseguras y el indicador de reescritura "UnsafePrefixStat" se puede usar para volver a participar una vez que se garantice que la sustitución esté restringida adecuadamente. • https://github.com/p0in7s/CVE-2024-38475 https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0001 https://access.redhat.com/security/cve/CVE-2024-38475 https://bugzilla.redhat.com/show_bug.cgi?id=2295014 • CWE-116: Improper Encoding or Escaping of Output •
CVE-2024-38474 – Apache HTTP Server weakness with encoded question marks in backreferences
https://notcve.org/view.php?id=CVE-2024-38474
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified. El problema de codificación de sustitución en mod_rewrite en Apache HTTP Server 2.4.59 y versiones anteriores permite al atacante ejecutar scripts en directorios permitidos por la configuración pero a los que no se puede acceder directamente mediante ninguna URL o divulgación de fuente de scripts destinados a ejecutarse únicamente como CGI. Se recomienda a los usuarios actualizar a la versión 2.4.60, que soluciona este problema. Algunas RewriteRules que capturan y sustituyen de forma insegura ahora fallarán a menos que se especifique el indicador de reescritura "UnsafeAllow3F". A flaw was found in the mod_rewrite module of httpd. • https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0001 https://access.redhat.com/security/cve/CVE-2024-38474 https://bugzilla.redhat.com/show_bug.cgi?id=2295013 • CWE-116: Improper Encoding or Escaping of Output •