Updated: 2025-08-20 00:41:53.699098
Description:
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.4 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | httpd | 2.4.53 | 7.4 | HIGH | Released | CLSA-2024:1724706840 | 2024-08-26 17:31:44 | |
| CentOS 6 ELS | httpd | 2.2.15 | 7.4 | HIGH | Not Vulnerable | 2024-08-02 08:40:56 | ||
| CentOS 7 ELS | httpd | 2.4.6 | 7.4 | HIGH | Released | CLSA-2024:1722003981 | 2024-08-13 14:29:03 | |
| CentOS 8.4 ELS | httpd | 2.4.37 | 7.4 | HIGH | Released | CLSA-2024:1724351412 | 2024-08-22 17:31:07 | |
| CentOS 8.5 ELS | httpd | 2.4.37 | 7.4 | HIGH | Released | CLSA-2024:1724351427 | 2024-08-22 17:31:06 | |
| CentOS Stream 8 ELS | httpd | 2.4.37 | 7.4 | HIGH | Released | CLSA-2024:1724351166 | 2024-08-22 14:30:06 | |
| CloudLinux 6 ELS | httpd | 2.2.15 | 7.4 | HIGH | Not Vulnerable | 2024-08-02 08:40:56 | ||
| CloudLinux 7 ELS | httpd | 2.4.6 | 7.4 | HIGH | Released | CLSA-2024:1724788700 | 2024-09-09 12:18:42 | |
| Oracle Linux 6 ELS | httpd | 2.2.15 | 7.4 | HIGH | Not Vulnerable | 2024-08-02 08:40:56 |