Описание
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.4.29-1ubuntu4.10 |
| devel | released | 2.4.41-1ubuntu1 |
| disco | released | 2.4.38-2ubuntu2.2 |
| eoan | released | 2.4.41-1ubuntu1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | not-affected | 2.4.29-1ubuntu4.10 |
| esm-infra/focal | not-affected | 2.4.41-1ubuntu1 |
| esm-infra/xenial | not-affected | 2.4.18-2ubuntu3.12 |
| focal | released | 2.4.41-1ubuntu1 |
| groovy | released | 2.4.41-1ubuntu1 |
Показывать по
EPSS
5.8 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_r ...
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
Уязвимость функции mod_rewrite веб-сервера Apache HTTP Server, позволяющая нарушителю получить несанкционированный доступ к конфиденциальной информации или оказать воздействие на целостность информации
EPSS
5.8 Medium
CVSS2
6.1 Medium
CVSS3