Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
History

Fri, 13 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
Vendors & Products Apache
Apache http Server
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Core Services
CPEs cpe:/a:redhat:jboss_core_services:1
cpe:/a:redhat:jboss_core_services:1::el7
cpe:/a:redhat:jboss_core_services:1::el8
Vendors & Products Redhat jboss Core Services

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-07-01T18:16:44.297Z

Updated: 2024-09-13T17:05:01.124Z

Reserved: 2024-06-25T17:13:46.679Z

Link: CVE-2024-39573

cve-icon Vulnrichment

Updated: 2024-09-13T17:05:01.124Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-01T19:15:05.760

Modified: 2024-11-21T09:28:02.550

Link: CVE-2024-39573

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-01T00:00:00Z

Links: CVE-2024-39573 - Bugzilla