A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to cause source disclosure of scripts meant only to be executed as CGI.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
History
Fri, 13 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Wed, 21 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Apache Apache http Server Netapp Netapp clustered Data Ontap | |
CPEs | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:* | |
Vendors & Products | Apache Apache http Server Netapp Netapp clustered Data Ontap | |
Metrics | cvssV3_1 | cvssV3_1 |
Tue, 13 Aug 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat jboss Core Services | |
CPEs | cpe:/a:redhat:jboss_core_services:1 cpe:/a:redhat:jboss_core_services:1::el7 cpe:/a:redhat:jboss_core_services:1::el8 | |
Vendors & Products | Redhat jboss Core Services | |
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-07-01T18:14:47.004Z
Updated: 2024-09-13T17:04:55.485Z
Reserved: 2024-06-17T11:09:02.297Z
Link: CVE-2024-38474
Vulnrichment
Updated: 2024-09-13T17:04:55.485Z
NVD
Status: Modified
Published: 2024-07-01T19:15:04.760
Modified: 2024-11-21T09:26:02.947
Link: CVE-2024-38474