Количество 15
Количество 15
CVE-2024-38475
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
CVE-2024-38475
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
CVE-2024-38475
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
CVE-2024-38475
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.5 ...
GHSA-pf44-j75v-mhr8
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
BDU:2024-04936
Уязвимость функции mod_rewrite веб-сервера Apache HTTP Server, позволяющая нарушителю выполнить произвольный код
SUSE-SU-2024:2591-1
Security update for apache2
ROS-20240801-01
Уязвимость httpd
SUSE-SU-2024:2597-1
Security update for apache2
SUSE-SU-2024:2436-1
Security update for apache2
ELSA-2024-4943
ELSA-2024-4943: httpd security update (IMPORTANT)
SUSE-SU-2024:2624-1
Security update for apache2
RLSA-2024:4726
Important: httpd security update
ELSA-2024-4726
ELSA-2024-4726: httpd security update (IMPORTANT)
ELSA-2024-4720
ELSA-2024-4720: httpd:2.4 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-38475 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. | CVSS3: 9.1 | 94% Критический | около 1 года назад |
 | CVE-2024-38475 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. | CVSS3: 9.1 | 94% Критический | около 1 года назад |
 | CVE-2024-38475 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. | CVSS3: 9.1 | 94% Критический | около 1 года назад |
| CVE-2024-38475 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.5 ... | CVSS3: 9.1 | 94% Критический | около 1 года назад |
| GHSA-pf44-j75v-mhr8 Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. | CVSS3: 9.1 | 94% Критический | около 1 года назад |
 | BDU:2024-04936 Уязвимость функции mod_rewrite веб-сервера Apache HTTP Server, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.1 | 94% Критический | около 1 года назад |
 | SUSE-SU-2024:2591-1 Security update for apache2 | около 1 года назад | ||
 | ROS-20240801-01 Уязвимость httpd | CVSS3: 9.1 | 94% Критический | около 1 года назад |
| SUSE-SU-2024:2597-1 Security update for apache2 | около 1 года назад | ||
| SUSE-SU-2024:2436-1 Security update for apache2 | около 1 года назад | ||
| ELSA-2024-4943 ELSA-2024-4943: httpd security update (IMPORTANT) | 11 месяцев назад | ||
| SUSE-SU-2024:2624-1 Security update for apache2 | около 1 года назад | ||
 | RLSA-2024:4726 Important: httpd security update | около 1 года назад | ||
| ELSA-2024-4726 ELSA-2024-4726: httpd security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-4720 ELSA-2024-4720: httpd:2.4 security update (IMPORTANT) | около 1 года назад |
Уязвимостей на страницу