MGASA-2024-0272

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0272.html

Import Source

https://advisories.mageia.org/MGASA-2024-0272.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2024-0272

Related

Published

2024-07-20T21:22:37Z

Modified

2024-07-20T21:01:11Z

Summary

Updated apache packages fix security vulnerabilities

Details

CVE-2024-40898: Apache HTTP Server: SSRF with modrewrite in server/vhost context on Windows (cve.mitre.org) SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / apache

Package

Name: apache
Purl: pkg:rpm/mageia/apache?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.62-1.mga9

Ecosystem specific

{
    "section": "core"
}