{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-43204", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-08-08T15:13:29.047Z", "datePublished": "2025-07-10T16:54:15.759Z", "dateUpdated": "2025-11-03T19:30:37.649Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.4.63", "status": "affected", "version": "2.4.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.&nbsp; Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.<br><br>Users are recommended to upgrade to version 2.4.64 which fixes this issue."}], "value": "SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.\u00a0 Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.\n\nUsers are recommended to upgrade to version 2.4.64 which fixes this issue."}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-07-10T16:54:15.759Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2024-08-07T09:00:00.000Z", "value": "reported"}], "title": "Apache HTTP Server: SSRF with mod_headers setting Content-Type header", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-11T16:06:58.631485Z", "id": "CVE-2024-43204", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-15T19:56:45.283Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:30:37.649Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-43204", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-11T16:06:58.631485Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T16:07:00.518Z"}}], "cna": {"title": "Apache HTTP Server: SSRF with mod_headers setting Content-Type header", "source": {"discovery": "UNKNOWN"}, "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache HTTP Server", "versions": [{"status": "affected", "version": "2.4.0", "versionType": "semver", "lessThanOrEqual": "2.4.63"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-08-07T09:00:00.000Z", "value": "reported"}], "references": [{"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.\u00a0 Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.\n\nUsers are recommended to upgrade to version 2.4.64 which fixes this issue.", "supportingMedia": [{"type": "text/html", "value": "SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.&nbsp; Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.<br><br>Users are recommended to upgrade to version 2.4.64 which fixes this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-07-10T16:54:15.759Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43204", "state": "PUBLISHED", "dateUpdated": "2025-07-15T19:56:45.283Z", "dateReserved": "2024-08-08T15:13:29.047Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2025-07-10T16:54:15.759Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C552FA45-1E0F-4F3A-BB99-8E4604C82820", "versionEndExcluding": "2.4.64", "versionStartIncluding": "2.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.\u00a0 Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.\n\nUsers are recommended to upgrade to version 2.4.64 which fixes this issue."}, {"lang": "es", "value": "La SSRF en Apache HTTP Server con mod_proxy activado permite a un atacante enviar solicitudes de proxy salientes a una URL controlada por el atacante. Requiere una configuraci\u00f3n improbable donde mod_headers se configura para modificar el encabezado de solicitud o respuesta Content-Type con un valor proporcionado en la solicitud HTTP. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.4.64, que soluciona este problema."}], "id": "CVE-2024-43204", "lastModified": "2025-11-03T20:16:28.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-10T17:15:45.987", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "httpd: SSRF in Apache HTTP Server with mod_proxy loaded", "id": "2374553", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374553"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-918", "details": ["SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.\u00a0 Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.\nUsers are recommended to upgrade to version 2.4.64 which fixes this issue.", "A Server-side request forgery (SSRF) vulnerability exists in Apache httpd when the server has mod_proxy loaded and is configured with mod_headers to modify the Content-Type header in the HTTP request or response using a value supplied by the user. Under this configuration, this flaw allows an attacker to craft specially crafted requests to manipulate the Content-Type header and trigger outbound requests to arbitrary attacker-controlled URLs via proxy. The vulnerability stems from inadequate input validation and unsafe header manipulation, ultimately allowing an attacker to influence server-side network behavior."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2024-43204", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "httpd:2.4/httpd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Fix deferred", "package_name": "httpd", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Fix deferred", "package_name": "jbcs-httpd24-httpd", "product_name": "Red Hat JBoss Core Services"}], "public_date": "2025-07-14T07:14:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-43204\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43204"], "statement": "Exploitation requires a non-default and uncommon server configuration where mod_headers is configured to modify the Content-Type request or a response header with a value provided in the HTTP request.\nThis issue is rated as a Moderate vulnerability primarily due to its reliance on a non-default and uncommon server configuration, which significantly limits its exploitability. Specifically, successful exploitation requires the Apache HTTP Server to have both mod_proxy and mod_headers enabled, and for mod_headers to be explicitly misconfigured to set or modify the Content-Type header using unvalidated user input\u2014a rare and generally discouraged setup. Moreover, the SSRF does not result in information disclosure, privilege escalation, or code execution, but merely allows outbound connections from the server to attacker-controlled endpoints.", "threat_severity": "Moderate"}