CVE-2024-38475

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38475
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38475.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38475
Published
2024-07-01T19:15:04Z
Modified
2025-10-23T04:32:55Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.

Substitutions in server context that use a backreference or variable as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change; the rewrite flag "UnsafePrefixStat" can be used to opt back in once the substitution has been confirmed to be appropriately constrained.
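As an added illustration that is not part of the advisory or of the httpd project, the affected rule shape described above is shown beside a constrained form and the opt-in flag the advisory names; the paths and rule patterns are assumptions.

```apache
# Added illustration, not from the advisory or the httpd project; the paths
# and rule patterns are assumed. All rules are in server (virtual host) context.
RewriteEngine On

# Affected shape: the first segment of the substitution is a backreference,
# so the location mod_rewrite maps the request to is derived from request
# data. This is the pattern the advisory describes for 2.4.59 and earlier;
# fixed versions break such a rule unless it opts in (see below).
RewriteRule "^/legacy/(.*)$" "/$1" [L]

# Constrained form, not affected: the substitution begins with a fixed
# prefix, so the rule can only map into the intended directory.
RewriteRule "^/legacy/(.*)$" "/var/www/legacy/$1" [L]

# Opt-in from the advisory: restore the old behaviour only after the pattern
# itself bounds what the backreference can contain (assumed here to be a
# single character-restricted segment).
RewriteRule "^/app/([A-Za-z0-9_-]+)$" "/$1" [L,UnsafePrefixStat]
```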

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cf",
        "target": {
            "function": "apply_rewrite_rule",
            "file": "modules/mappers/mod_rewrite.c"
        },
        "digest": {
            "function_hash": "329410896395352933459831664613583229362",
            "length": 4490.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-38475-1652a3e7"
    },
    {
        "source": "https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cf",
        "target": {
            "function": "apply_rewrite_list",
            "file": "modules/mappers/mod_rewrite.c"
        },
        "digest": {
            "function_hash": "320500891851585845606909327191677408985",
            "length": 2756.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-38475-2bcb97fd"
    },
    {
        "source": "https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cf",
        "target": {
            "function": "prefix_stat",
            "file": "modules/mappers/mod_rewrite.c"
        },
        "digest": {
            "function_hash": "65318892989921758207495324094933727406",
            "length": 718.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-38475-2f926f10"
    },
    {
        "source": "https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cf",
        "target": {
            "file": "modules/mappers/mod_rewrite.c"
        },
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2024-38475-65e681b8"
    },
    {
        "source": "https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cf",
        "target": {
            "function": "hook_uri2file",
            "file": "modules/mappers/mod_rewrite.c"
        },
        "digest": {
            "function_hash": "284240994557589285928391504033549548052",
            "length": 7049.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-38475-cece62f3"
    },
    {
        "source": "https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cf",
        "target": {
            "function": "cmd_rewriteoptions",
            "file": "modules/mappers/mod_rewrite.c"
        },
        "digest": {
            "function_hash": "141911386524427811854533429424138020680",
            "length": 1869.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-38475-d6fa54dc"
    },
    {
        "source": "https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cf",
        "target": {
            "function": "cmd_rewriterule_setflag",
            "file": "modules/mappers/mod_rewrite.c"
        },
        "digest": {
            "function_hash": "223280014341234126867534167823714065949",
            "length": 5244.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-38475-d89f3b0b"
    },
    {
        "source": "https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cf",
        "target": {
            "function": "hook_fixup",
            "file": "modules/mappers/mod_rewrite.c"
        },
        "digest": {
            "function_hash": "151572592537426846915415831172553398135",
            "length": 6935.0
        },
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-38475-e19c91a2"
    }
]