Updated: 2024-07-23 08:19:20.775171
Description:
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | NONE | 0 |
CVSS Version 3.x | HIGH | 7.4 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | httpd | 2.4.53 | 7.4 | HIGH | Released | CLSA-2024:1724706840 | 2024-08-26 17:31:44 |
CentOS 6 ELS | httpd | 2.2.15 | 7.4 | HIGH | Not Vulnerable | 2024-08-02 08:40:56 | |
CentOS 7 ELS | httpd | 2.4.6 | 7.4 | HIGH | Released | CLSA-2024:1722003981 | 2024-08-13 14:29:03 |
CentOS 8.4 ELS | httpd | 2.4.37 | 7.4 | HIGH | Released | CLSA-2024:1724351412 | 2024-08-22 17:31:07 |
CentOS 8.5 ELS | httpd | 2.4.37 | 7.4 | HIGH | Released | CLSA-2024:1724351427 | 2024-08-22 17:31:06 |
CentOS Stream 8 ELS | httpd | 2.4.37 | 7.4 | HIGH | Released | CLSA-2024:1724351166 | 2024-08-22 14:30:06 |
CloudLinux 6 ELS | httpd | 2.2.15 | 7.4 | HIGH | Not Vulnerable | 2024-08-02 08:40:56 | |
CloudLinux 7 ELS | httpd | 2.4.6 | 7.4 | HIGH | Released | CLSA-2024:1724788700 | 2024-09-09 12:18:42 |
Oracle Linux 6 ELS | httpd | 2.2.15 | 7.4 | HIGH | Not Vulnerable | 2024-08-02 08:40:56 |