PT-2024-5104 · Apache+10 · Apache Http Server+10

Orange Tsai +1 · Published 2024-04-01 · Updated 2026-05-28 · CVE-2024-39573

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.59 and earlier
Description: The issue is a potential Server-Side Request Forgery (SSRF) in the mod_rewrite module of the Apache HTTP Server. It allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. The vulnerability is due to insufficient validation of incoming requests.
Recommendations: For Apache HTTP Server versions 2.4.59 and earlier, upgrade to version 2.4.60, which fixes this issue.

Fix

SSRF

RCE

Weakness Enumeration

Related Identifiers

ALSA-2024:4720
ALSA-2024:4726
ALT-PU-2024-10005
ALT-PU-2024-10192
ALT-PU-2024-10223
ALT-PU-2024-9738
BDU:2024-05631
BIT-APACHE-2024-39573
CESA-2024_4720
CVE-2024-39573
DSA-5729-1
INFSA-2024_4720
INFSA-2024_4726
MGASA-2024-0258
OESA-2024-1830
OPENSUSE-SU-2024:14116-1
RHSA-2024:4720
RHSA-2024:4726
RHSA-2024:5001
RHSA-2024:5239
RHSA-2024_4720
RHSA-2024_4726
RLSA-2024:4726
SUSE-SU-2024:2405-1
SUSE-SU-2024:2436-1
SUSE-SU-2024:2624-1
SUSE-SU-2025:02241-1
SUSE-SU-2025_02241-1
USN-6885-1
USN-6885-2
USN-6885-4
USN-6885-6
USN-8338-1

Affected Products

Alt Linux
Almalinux
Apache Http Server
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu