CVE-2024-39573
Apache HTTP Server: mod_rewrite proxy handler substitution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
El potencial SSRF en mod_rewrite en Apache HTTP Server 2.4.59 y versiones anteriores permite a un atacante provocar que RewriteRules inseguras configuren inesperadamente URL para que sean manejadas por mod_proxy. Se recomienda a los usuarios actualizar a la versiĆ³n 2.4.60, que soluciona este problema.
A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-25 CVE Reserved
- 2024-07-01 CVE Published
- 2024-07-02 EPSS Updated
- 2024-09-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20240712-0001 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://httpd.apache.org/security/vulnerabilities_24.html | 2024-07-12 | |
https://access.redhat.com/security/cve/CVE-2024-39573 | 2024-08-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2295022 | 2024-08-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Software Foundation Search vendor "Apache Software Foundation" | Apache HTTP Server Search vendor "Apache Software Foundation" for product "Apache HTTP Server" | >= 2.4.0 <= 2.4.59 Search vendor "Apache Software Foundation" for product "Apache HTTP Server" and version " >= 2.4.0 <= 2.4.59" | en |
Affected
|