CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
38.6%
The Apache httpd project reports:
source code disclosure with handlers configured via AddType
(CVE-2024-40725) (Important): A partial fix for CVE-2024-39884
in the core of Apache HTTP Server 2.4.61 ignores some use of the
legacy content-type based configuration of handlers. “AddType”
and similar configuration, under some circumstances where files
are requested indirectly, result in source code disclosure of
local content. For example, PHP scripts may be served instead
of interpreted.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
38.6%