Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-39573

Опубликовано: 01 июл. 2024
Источник: debian
EPSS Низкий

Описание

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache2fixed2.4.60-1package

Примечания

  • https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573

  • likely fix according to comment in code https://github.com/apache/httpd/commit/9494aa8d52e3c263bc0413b77ac8a73b0d524388 (trunk)

  • fixed also https://github.com/apache/httpd/commit/93aec0e3ca451bcc97f6d91c14d5399d13a73365 (2.4.60)

EPSS

Процентиль: 64%
0.00483
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-39573

CVSS3: 7.5
ubuntu
12 месяцев назад

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

redhat логотип

CVE-2024-39573

CVSS3: 7.4
redhat
12 месяцев назад

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

nvd логотип

CVE-2024-39573

CVSS3: 7.5
nvd
12 месяцев назад

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

github логотип

GHSA-2wcw-rcf9-qm36

CVSS3: 7.5
github
12 месяцев назад

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

fstec логотип

BDU:2024-05631

CVSS3: 7.5
fstec
около 1 года назад

Уязвимость модуля mod_rewrite веб-сервера Apache HTTP Server, позволяющая нарушителю осуществить SSRF-атаку

EPSS

Процентиль: 64%
0.00483
Низкий