Lucene search
ApacheVULNRICHMENT:CVE-2024-38474HistoryJul 01, 2024 - 6:14 p.m.
CVE-2024-38474 Apache HTTP Server weakness with encoded question marks in backreferences
2024-07-0118:14:47
CWE-116
apache
github.com
92
apache http server
weakness
version 2.4.60
AI Score
6.8
Confidence
Low
EPSS
0.036
Percentile
91.8%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in
directories permitted by the configuration but not directly reachable by anyΒ URL or source disclosure of scripts meant to only to be executed as CGI.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag βUnsafeAllow3Fβ is specified.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache HTTP Server",
"versions": [
{
"status": "affected",
"version": "2.4.0",
"versionType": "semver",
"lessThanOrEqual": "2.4.59"
}
],
"defaultStatus": "unaffected"
}
]Related
redhatcve
redhatcve
CVE-2024-38474
2024-07-01 21:49:38
ubuntucve
ubuntucve
CVE-2024-38474
2024-07-01 00:00:00
cvelist
cvelist
cve
cve
CVE-2024-38474
2024-07-01 19:15:04
osv
osv
CVE-2024-38474
2024-07-01 19:15:04
BIT-apache-2024-38474
2024-07-03 07:17:14
Security update for apache2
2024-08-21 15:33:21
veracode
veracode
Improper Encoding
2024-07-09 06:06:33
debiancve
debiancve
CVE-2024-38474
2024-07-01 19:15:04
hackerone
hackerone
alpinelinux
alpinelinux
CVE-2024-38474
2024-07-01 19:15:04
nvd
nvd
CVE-2024-38474
2024-07-01 19:15:04
nessus
nessus
SUSE SLES15 Security Update : apache2 (SUSE-SU-2024:2997-1)
2024-08-22 00:00:00
F5 Networks BIG-IP : Apache HTTPD vulnerabilities (K000140620)
2024-08-15 00:00:00
Oracle Linux 8 : httpd:2.4 (ELSA-2024-5193)
2024-08-14 00:00:00
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-e83af0855e)
2024-08-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:2997-1)
2024-08-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:2999-1)
2024-08-23 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: httpd-2.4.62-2.fc39
2024-08-17 01:51:07
[SECURITY] Fedora 40 Update: httpd-2.4.61-1.fc40
2024-07-09 01:55:52
[SECURITY] Fedora 39 Update: httpd-2.4.61-1.fc39
2024-07-19 02:21:50
redhat
redhat
(RHSA-2024:4862) Important: httpd security update
2024-07-25 08:15:57
(RHSA-2024:4863) Important: httpd security update
2024-07-25 08:16:03
(RHSA-2024:4827) Important: httpd:2.4 security update
2024-07-24 12:41:19
oraclelinux
oraclelinux
httpd security update
2024-09-13 00:00:00
httpd security update
2024-07-23 00:00:00
httpd:2.4 security update
2024-07-23 00:00:00
amazon
amazon
Important: httpd24
2024-07-17 22:27:00
Important: httpd
2024-07-18 02:00:00
rocky
rocky
httpd security update
2024-07-26 12:33:59
almalinux
almalinux
Important: httpd security update
2024-07-23 00:00:00
Important: httpd:2.4 security update
2024-07-23 00:00:00
ibm
ibm
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2024-07-01 00:00:00
slackware
slackware
[slackware-security] httpd
2024-07-02 19:38:48
mageia
mageia
Updated apache packages fix security vulnerabilities
2024-07-09 10:01:06
kaspersky
kaspersky
KLA70199 Multiple vulnerabilities in Apache HTTP Server
2024-07-01 00:00:00
ubuntu
ubuntu
Apache HTTP Server regression
2024-07-11 00:00:00
Apache HTTP Server vulnerabilities
2024-07-08 00:00:00
AI Score
6.8
Confidence
Low
EPSS
0.036
Percentile
91.8%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-38474