Lucene search
UbuntuUSN-6902-1HistoryJul 18, 2024 - 12:00 a.m.
Apache HTTP Server vulnerability
2024-07-1800:00:00
ubuntu.com
27
apache http server
ubuntu
addtype vulnerability
remote code execution
source code disclosure
unix
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
38.6%
Releases
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- apache2 - Apache HTTP server
Details
It was discovered that the Apache HTTP Server incorrectly handled certain
handlers configured via AddType. A remote attacker could possibly use this
issue to obtain source code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 24.04 | noarch | apache2 | < 2.4.58-1ubuntu8.4 | UNKNOWN |
| Ubuntu | 24.04 | noarch | apache2-bin | < 2.4.58-1ubuntu8.4 | UNKNOWN |
| Ubuntu | 24.04 | noarch | apache2-bin-dbgsym | < 2.4.58-1ubuntu8.4 | UNKNOWN |
| Ubuntu | 24.04 | noarch | apache2-data | < 2.4.58-1ubuntu8.4 | UNKNOWN |
| Ubuntu | 24.04 | noarch | apache2-dev | < 2.4.58-1ubuntu8.4 | UNKNOWN |
| Ubuntu | 24.04 | noarch | apache2-doc | < 2.4.58-1ubuntu8.4 | UNKNOWN |
| Ubuntu | 24.04 | noarch | apache2-ssl-dev | < 2.4.58-1ubuntu8.4 | UNKNOWN |
| Ubuntu | 24.04 | noarch | apache2-suexec-custom | < 2.4.58-1ubuntu8.4 | UNKNOWN |
| Ubuntu | 24.04 | noarch | apache2-suexec-custom-dbgsym | < 2.4.58-1ubuntu8.4 | UNKNOWN |
| Ubuntu | 24.04 | noarch | apache2-suexec-pristine | < 2.4.58-1ubuntu8.4 | UNKNOWN |
References
Related
nessus
nessus
Fedora 40 : httpd (2024-de08df1535)
2024-07-22 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache HTTP Server vulnerability (USN-6902-1)
2024-07-18 00:00:00
Amazon Linux 2 : httpd (ALAS-2024-2606)
2024-08-17 00:00:00
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-de08df1535)
2024-08-06 00:00:00
Ubuntu: Security Advisory (USN-6902-1)
2024-07-19 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1
2024-08-14 20:43:58
CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1
2024-07-26 17:52:50
osv
osv
apache2 vulnerability
2024-07-18 11:49:16
CVE-2024-40725
2024-07-18 10:15:02
apache2-2.4.62-1.1 on GA media
2024-08-08 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: httpd-2.4.62-1.fc40
2024-07-22 01:24:52
[SECURITY] Fedora 39 Update: httpd-2.4.62-2.fc39
2024-08-17 01:51:07
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2024-40725
2024-07-17 00:00:00
kaspersky
kaspersky
KLA70466 Multiple vulnerabilities in Apache HTTP Server
2024-07-17 00:00:00
alpinelinux
alpinelinux
CVE-2024-40725
2024-07-18 10:15:02
vulnrichment
vulnrichment
githubexploit
githubexploit
Exploit for Exposure of Resource to Wrong Sphere in Apache Http Server
2024-07-19 03:51:54
ibm
ibm
freebsd
freebsd
Apache httpd -- Source code disclosure with handlers configured via AddType
2024-07-17 00:00:00
slackware
slackware
[slackware-security] httpd
2024-07-18 20:23:31
debiancve
debiancve
CVE-2024-40725
2024-07-18 10:15:02
amazon
amazon
Important: httpd
2024-08-01 03:01:00
redhatcve
redhatcve
CVE-2024-40725
2024-07-18 19:29:49
cve
cve
CVE-2024-40725
2024-07-18 10:15:02
nvd
nvd
CVE-2024-40725
2024-07-18 10:15:02
redos
redos
ROS-20240812-15
2024-08-12 00:00:00
mageia
mageia
Updated apache packages fix security vulnerabilities
2024-07-21 00:22:37
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
38.6%
Related for USN-6902-1