Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 01 Jul 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Netapp
Netapp ontap
CPEs cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
Vendors & Products Netapp
Netapp ontap

Thu, 13 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache http Server
CPEs cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
Vendors & Products Apache
Apache http Server
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
Vendors & Products Apache
Apache http Server
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Core Services
CPEs cpe:/a:redhat:jboss_core_services:1
cpe:/a:redhat:jboss_core_services:1::el7
cpe:/a:redhat:jboss_core_services:1::el8
Vendors & Products Redhat jboss Core Services

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-02-13T17:53:18.513Z

Reserved: 2024-06-25T17:13:46.679Z

Link: CVE-2024-39573

cve-icon Vulnrichment

Updated: 2024-09-13T17:05:01.124Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-01T19:15:05.760

Modified: 2025-07-01T20:25:56.240

Link: CVE-2024-39573

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-01T00:00:00Z

Links: CVE-2024-39573 - Bugzilla

cve-icon OpenCVE Enrichment

No data.