- Description
- Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
- Source
- security@apache.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@apache.org
- CWE-116
- Hype score
- Not currently trending
Akhir tahun kita closingan dengan BloodHound dan httpX karna PoC buat CVE udah banyak banget, tenkyu gxc dan kawan-kawan. > CVE-2024-38472 > CVE-2024-39573 > CVE-2024-38477 > CVE-2024-38476 > CVE-2024-38475 > CVE-2024-38474 > CVE-2024-38473 > CVE-2023-387
@byt3n33dl3
31 Dec 2024
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
mrmtwoj/apache-vulnerability-testing: Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 https://t.co/1vHVQPeJmm
@Alra3ees
30 Dec 2024
4962 Impressions
33 Retweets
132 Likes
111 Bookmarks
1 Reply
0 Quotes
GitHub - mrmtwoj/apache-vulnerability-testing: Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 https://t.co/wxO2nxclqJ
@akaclandestine
14 Dec 2024
2095 Impressions
16 Retweets
48 Likes
27 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13126636-FD76-4E3E-B949-14A5082DE02A",
"versionEndExcluding": "2.4.60",
"versionStartIncluding": "2.4.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3ED302E-F464-40DE-A976-FD518E42D95D"
}
],
"operator": "OR"
}
]
}
]