Количество 15
Количество 15
CVE-2024-38475
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
CVE-2024-38475
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
CVE-2024-38475
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
CVE-2024-38475
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.5 ...
GHSA-pf44-j75v-mhr8
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
BDU:2024-04936
Уязвимость функции mod_rewrite веб-сервера Apache HTTP Server, позволяющая нарушителю выполнить произвольный код
SUSE-SU-2024:2591-1
Security update for apache2
ROS-20240801-01
Уязвимость httpd
SUSE-SU-2024:2597-1
Security update for apache2
SUSE-SU-2024:2436-1
Security update for apache2
ELSA-2024-4943
ELSA-2024-4943: httpd security update (IMPORTANT)
SUSE-SU-2024:2624-1
Security update for apache2
RLSA-2024:4726
Important: httpd security update
ELSA-2024-4726
ELSA-2024-4726: httpd security update (IMPORTANT)
ELSA-2024-4720
ELSA-2024-4720: httpd:2.4 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-38475 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. | CVSS3: 9.1 | 94% Критический | 12 месяцев назад |
 | CVE-2024-38475 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. | CVSS3: 9.1 | 94% Критический | 12 месяцев назад |
 | CVE-2024-38475 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. | CVSS3: 9.1 | 94% Критический | 12 месяцев назад |
| CVE-2024-38475 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.5 ... | CVSS3: 9.1 | 94% Критический | 12 месяцев назад |
| GHSA-pf44-j75v-mhr8 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. | CVSS3: 9.1 | 94% Критический | 12 месяцев назад |
 | BDU:2024-04936 Уязвимость функции mod_rewrite веб-сервера Apache HTTP Server, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.1 | 94% Критический | 12 месяцев назад |
 | SUSE-SU-2024:2591-1 Security update for apache2 | 11 месяцев назад | ||
 | ROS-20240801-01 Уязвимость httpd | CVSS3: 9.1 | 94% Критический | 11 месяцев назад |
| SUSE-SU-2024:2597-1 Security update for apache2 | 11 месяцев назад | ||
| SUSE-SU-2024:2436-1 Security update for apache2 | 11 месяцев назад | ||
| ELSA-2024-4943 ELSA-2024-4943: httpd security update (IMPORTANT) | 9 месяцев назад | ||
| SUSE-SU-2024:2624-1 Security update for apache2 | 11 месяцев назад | ||
 | RLSA-2024:4726 Important: httpd security update | 11 месяцев назад | ||
| ELSA-2024-4726 ELSA-2024-4726: httpd security update (IMPORTANT) | 11 месяцев назад | ||
| ELSA-2024-4720 ELSA-2024-4720: httpd:2.4 security update (IMPORTANT) | 11 месяцев назад |
Уязвимостей на страницу