- Description
- A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue.
- Source
- security@apache.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- NVD-CWE-noinfo
- security@apache.org
- CWE-668
- Hype score
- Not currently trending
A patch addressing the vulnerabilities (CVE-2024-40898/CVE-2024-40725) in the Apache HTTP Server bundled with Arcserve UDP has been released. If you are using Arcserve UDP 9.2 or earlier, please consider applying it. P00003206 | Arcserve UDP 9.x | Patch for Apache httpd Vulnerabilities https://t.co/4EtoSZvbqW
@Arcserve_jp
19 Jan 2025
71 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Folks, every week I exploit different CVEs. This week we examined CVE-2024-40725, which is an HTTP Request Smuggling on Apache HTTPD. https://t.co/iweXHuIu1q
@soltanali0
18 Dec 2024
235 Impressions
0 Retweets
10 Likes
4 Bookmarks
0 Replies
0 Quotes
GitHub - soltanali0/CVE-2024-40725: exploit CVE-2024-40725 (Apache httpd) with https://t.co/oWK1lyNlHc
@akaclandestine
18 Dec 2024
6466 Impressions
26 Retweets
117 Likes
45 Bookmarks
2 Replies
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.60:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B948936-6007-4436-AF16-CCE8F59E0C29"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.61:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA1CBE0F-AE94-4412-B8AB-8D6FC8698B86"
}
],
"operator": "OR"
}
]
}
]