CVE-2024-39573

Updated: 2024-07-23 08:19:20.775171

Description:

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x HIGH 7.4

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU httpd 2.4.53 7.4 HIGH Released CLSA-2024:1724706840 2024-08-26 17:31:44
CentOS 6 ELS httpd 2.2.15 7.4 HIGH Not Vulnerable 2024-08-02 08:40:56
CentOS 7 ELS httpd 2.4.6 7.4 HIGH Released CLSA-2024:1722003981 2024-08-13 14:29:03
CentOS 8.4 ELS httpd 2.4.37 7.4 HIGH Released CLSA-2024:1724351412 2024-08-22 17:31:07
CentOS 8.5 ELS httpd 2.4.37 7.4 HIGH Released CLSA-2024:1724351427 2024-08-22 17:31:06
CentOS Stream 8 ELS httpd 2.4.37 7.4 HIGH Released CLSA-2024:1724351166 2024-08-22 14:30:06
CloudLinux 6 ELS httpd 2.2.15 7.4 HIGH Not Vulnerable 2024-08-02 08:40:56
CloudLinux 7 ELS httpd 2.4.6 7.4 HIGH Released CLSA-2024:1724788700 2024-09-09 12:18:42
Oracle Linux 6 ELS httpd 2.2.15 7.4 HIGH Not Vulnerable 2024-08-02 08:40:56