PT-2024-5185 · Apache+6 · Apache Http Server+6

Published: 2024-07-09 · Updated: 2026-03-07 · CVE-2024-40725

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.4.61
Description: The issue is related to the core of Apache HTTP Server, where a partial fix ignores some use of the legacy content-type based configuration of handlers. This can result in source code disclosure of local content under certain circumstances, such as when files are requested indirectly. For example, PHP scripts may be served instead of interpreted.
Recommendations: Upgrade to version 2.4.62, which fixes this issue.

Exploit

Fix

Improper Access Control

SSRF

Incorrect Privilege Assignment

Information Disclosure

Exposure of Resource to Wrong Sphere

Related Identifiers

ALT-PU-2024-11994
ALT-PU-2024-11996
AZL-43414
AZL-43427
BDU:2024-05368
BDU:2024-05741
BIT-APACHE-2024-40725
CVE-2024-40725
MGASA-2024-0272
OESA-2024-2288
OPENSUSE-SU-2024:14245-1
OPENSUSE-SU-2024_3742-1
OPENSUSE-SU-2024_3864-1
SUSE-SU-2024:3742-1
SUSE-SU-2024:3750-1
SUSE-SU-2024:3864-1
SUSE-SU-2024_3742-1
SUSE-SU-2024_3750-1
SUSE-SU-2024_3864-1
SUSE-SU-2025:02241-1
SUSE-SU-2025_02241-1
USN-6902-1

Affected Products

Alt Linux
Apache HTTP Server
Astra Linux
Linux Mint
RED OS
SUSE
Ubuntu