CVE-2024-39884

Published Jul 4, 2024

Last updated 4 months ago

Overview

Description
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue.
Source
security@apache.org
NVD status
Awaiting Analysis

Social media

Hype score
Not currently trending

  1. KUSANAGIモジュール更新情報 - 超高速CMS実行環境 KUSANAGI https://t.co/RL316n1172 httpd2.4.61-1に対応しました。 この更新には脆弱性(CVE-2024-39884)への対応が含まれます。 #KUSANAGI #WEXAL

    @yoshihiro_oh

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References