CVE-2024-40725

Source
https://cve.org/CVERecord?id=CVE-2024-40725
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40725.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-40725
Aliases
Downstream
Related
Published
2024-07-18T10:15:02.357Z
Modified
2026-04-02T12:17:18.423868Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

Users are recommended to upgrade to version 2.4.62, which fixes this issue.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.60"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.61"
        }
    ]
}

Affected versions

1.*
1.2.0
1.2.1
1.2.2
1.3
1.3.0
1.3.1
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
2.*
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.2
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.3
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.4
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.5
2.0.50
2.0.51
2.0.52
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58
2.0.59
2.0.6
2.0.60
2.0.61
2.0.62
2.0.63
2.0.64
2.0.65
2.0.7
2.0.8
2.0.9
2.1.1
2.1.10
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.2
2.2.20
2.2.21
2.2.22
2.2.23
2.2.24
2.2.25
2.2.26
2.2.27
2.2.28
2.2.29
2.2.3
2.2.30
2.2.31
2.2.32
2.2.33
2.2.34
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.10
2.3.11
2.3.12
2.3.13
2.3.14
2.3.15
2.3.16
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.10
2.4.11
2.4.12
2.4.13
2.4.14
2.4.15
2.4.16
2.4.17
2.4.18
2.4.19
2.4.2
2.4.20
2.4.21
2.4.22
2.4.23
2.4.24
2.4.25
2.4.26
2.4.27
2.4.28
2.4.29
2.4.3
2.4.30
2.4.31
2.4.32
2.4.33
2.4.34
2.4.35
2.4.36
2.4.37
2.4.38
2.4.39
2.4.4
2.4.40
2.4.41
2.4.42
2.4.43
2.4.44
2.4.45
2.4.46
2.4.47
2.4.48
2.4.49
2.4.5
2.4.50
2.4.51
2.4.52
2.4.53
2.4.53-rc1-candidate
2.4.53-rc2-candidate
2.4.54
2.4.54-rc1-candidate
2.4.54-rc2-candidate
2.4.54-rc3-candidate
2.4.55
2.4.55-rc1-candidate
2.4.56
2.4.56-candidate
2.4.56-rc1-candidate
2.4.57
2.4.57-rc1-candidate
2.4.58
2.4.58-rc1-candidate
2.4.58-rc2-candidate
2.4.58-rc3-candidate
2.4.59
2.4.59-rc1-candidate
2.4.6
2.4.60
2.4.60-rc1-candidate
2.4.60-rc2-candidate
2.4.60-rc3-candidate
2.4.60-rc4-candidate
2.4.61
2.4.61-rc1-candidate
2.4.62
2.4.62-rc1-candidate
2.4.63
2.4.63-candidate
2.4.64
2.4.64-rc1-candidate
2.4.64-rc2-candidate
2.4.65
2.4.65-rc1-candidate
2.4.65-rc2-candidate
2.4.65-rc3-candidate
2.4.66
2.4.66-rc1-candidate
2.4.7
2.4.8
2.4.9
2.5.0-alpha
2.5.0-alpha2-ci-test-only
Other
AGB_BEFORE_AAA_CHANGES
APACHE_1_2b1
APACHE_1_2b10
APACHE_1_2b11
APACHE_1_2b2
APACHE_1_2b3
APACHE_1_2b4
APACHE_1_2b5
APACHE_1_2b6
APACHE_1_2b7
APACHE_1_2b8
APACHE_1_2b9
APACHE_1_3_PRE_NT
APACHE_1_3a1
APACHE_1_3b1
APACHE_1_3b2
APACHE_1_3b3
APACHE_1_3b5
APACHE_1_3b6
APACHE_1_3b7
APACHE_2_0_2001_02_09
APACHE_2_0_52_WROWE_RC1
APACHE_2_0_ALPHA
APACHE_2_0_ALPHA_2
APACHE_2_0_ALPHA_3
APACHE_2_0_ALPHA_4
APACHE_2_0_ALPHA_5
APACHE_2_0_ALPHA_6
APACHE_2_0_ALPHA_7
APACHE_2_0_ALPHA_8
APACHE_2_0_ALPHA_9
APACHE_2_0_BETA_CANDIDATE_1
APACHE_BIG_SYMBOL_RENAME_POST
APACHE_BIG_SYMBOL_RENAME_PRE
CHANGES
HTTPD_LDAP_1_0_0
INITIAL
MOD_SSL_2_8_3
PCRE_3_9
POST_APR_SPLIT
PRE_APR_CHANGES
STRIKER_2_0_51_RC1
STRIKER_2_0_51_RC2
STRIKER_2_1_0_RC1
WROWE_2_0_43_PRE1
apache-1_3-merge-1-post
apache-1_3-merge-1-pre
apache-1_3-merge-2-post
apache-1_3-merge-2-pre
apache-apr-merge-3
apache-doc-split-01
dg_last_1_2_doc_merge
djg-apache-nspr-07
djg_nspr_split
moving_to_httpd_module
mpm-3
mpm-merge-1
mpm-merge-2
post_ajp_proxy
pre_ajp_proxy
candidate-2.*
candidate-2.4.49
candidate-2.4.49-rc1
candidate-2.4.50-rc1
candidate-2.4.51-rc1
candidate-2.4.52-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40725.json"