PT-2025-29114 · Apache+7 · Apache Http Server+7

Published

2024-07-08

·

Updated

2026-05-28

·

CVE-2024-43204

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.64
Description: An Server-Side Request Forgery (SSRF) issue exists in Apache HTTP Server when mod proxy is loaded. This allows an attacker to send outbound proxy requests to a URL controlled by the attacker. The issue requires a specific configuration where mod headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.
Recommendations: Upgrade to version 2.4.64 or later.

Fix

SSRF

Weakness Enumeration

CWE-918

Related Identifiers

ALT-PU-2025-9373
ALT-PU-2025-9540
ALT-PU-2025-9924
AZL-65169
AZL-65217
BDU:2025-08957
BIT-APACHE-2024-43204
CVE-2024-43204
DLA-4270-1
MGASA-2025-0301
OESA-2025-2168
OESA-2025-2169
OESA-2025-2170
OESA-2025-2171
OESA-2025-2172
OESA-2025-2278
OPENSUSE-SU-2025:15360-1
OPENSUSE-SU-2026:20810-1
SUSE-SU-2025:02565-1
SUSE-SU-2025:02682-1
SUSE-SU-2025:02683-1
SUSE-SU-2025:02684-1
SUSE-SU-2025:02685-1
SUSE-SU-2025_02565-1
SUSE-SU-2025_02682-1
SUSE-SU-2025_02683-1
SUSE-SU-2025_02684-1
SUSE-SU-2025_02685-1
SUSE-SU-2026:21846-1
USN-7639-1
USN-7639-2
USN-8338-1

Affected Products

Alt Linux
Apache Http Server
Astra Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu