BIT-apache-2024-39573

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2024-39573.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-apache-2024-39573

Aliases

CVE-2024-39573

Published

2024-07-03T07:16:17.249Z

Modified

2024-07-13T07:54:56.240Z

Summary

[none]

Details

Potential SSRF in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by modproxy.Users are recommended to upgrade to version 2.4.60, which fixes this issue.

References

https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20240712-0001/

Affected packages

Bitnami / apache

Package

Name: apache
Purl: pkg:bitnami/apache

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.4.0

Fixed

2.4.60