Описание
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
A flaw was found in the mod_rewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure.
Отчет
This issue affects configurations with substitution rules used in the RewriteRule directive using backreferences or variables as the first segment of the substitution. Additionally, this flaw requires mod_rewrite to be loaded and used. This module can be disabled if its functionality is not needed. Red Hat Enterprise Linux 6 is not affected by this vulnerability because the vulnerable code was introduced in a newer version of httpd.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | httpd | Not affected | ||
| Red Hat Enterprise Linux 6 | httpd | Not affected | ||
| JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_http2 | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_jk | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_md | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_proxy_cluster | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_security | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services on RHEL 7 | jbcs-httpd24-httpd | Fixed | RHSA-2024:5239 | 13.08.2024 |
| JBoss Core Services on RHEL 7 | jbcs-httpd24-mod_http2 | Fixed | RHSA-2024:5239 | 13.08.2024 |
Показывать по
Дополнительная информация
Статус:
9.1 Critical
CVSS3
Связанные уязвимости
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.5 ...
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
Уязвимость функции mod_rewrite веб-сервера Apache HTTP Server, позволяющая нарушителю выполнить произвольный код
9.1 Critical
CVSS3