CVE-2024-38475
Apache HTTP Server Improper Escaping of Output Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 4
Exploited in Wild: Yes
Decision
Descriptions
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in after ensuring the substitution is appropriately constrained.
A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.
This update for apache2 fixes the following issues. Fixed DoS by null pointer in websocket over HTTP/2. Fixed improper escaping of output in mod_rewrite. Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect.
Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
CVSS Scores
SSVC
- Decision: Act
Timeline
- 2024-06-17 CVE Reserved
- 2024-07-01 CVE Published
- 2024-08-18 First Exploit
- 2025-05-01 Exploited in Wild
- 2025-05-02 CVE Updated
- 2025-05-22 KEV Due Date
- 2025-06-15 EPSS Updated
CWE
- CWE-116: Improper Encoding or Escaping of Output
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20240712-0001 | | |

URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/183152 | 2024-12-13 | |
https://github.com/p0in7s/CVE-2024-38475 | 2024-08-18 | |
https://github.com/soltanali0/CVE-2024-38475 | 2024-12-12 | |
https://github.com/syaifulandy/CVE-2024-38475 | 2025-05-09 | |

URL | Date | SRC |
---|---|---|
https://httpd.apache.org/security/vulnerabilities_24.html | 2024-07-12 | |
https://access.redhat.com/security/cve/CVE-2024-38475 | 2024-08-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2295014 | 2024-08-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache Software Foundation | Apache HTTP Server | >= 2.4.0 <= 2.4.59 | en | Affected |