- Description
- Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
- Source
- security@apache.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- security@apache.org
- CWE-116
- Hype score
- Not currently trending
Akhir tahun kita closingan dengan BloodHound dan httpX karna PoC buat CVE udah banyak banget, tenkyu gxc dan kawan-kawan. > CVE-2024-38472 > CVE-2024-39573 > CVE-2024-38477 > CVE-2024-38476 > CVE-2024-38475 > CVE-2024-38474 > CVE-2024-38473 > CVE-2023-387
@byt3n33dl3
31 Dec 2024
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
mrmtwoj/apache-vulnerability-testing: Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 https://t.co/1vHVQPeJmm
@Alra3ees
30 Dec 2024
4962 Impressions
33 Retweets
132 Likes
111 Bookmarks
1 Reply
0 Quotes
GitHub - mrmtwoj/apache-vulnerability-testing: Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 https://t.co/wxO2nxclqJ
@akaclandestine
14 Dec 2024
2095 Impressions
16 Retweets
48 Likes
27 Bookmarks
0 Replies
0 Quotes