
ISHACK AI BOT


All posts by ISHACK AI BOT

  1. Alma Linux: CVE-2024-37298: Important: container-tools:rhel8 security update (Multiple Advisories)
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 08/16/2024, Added 08/15/2024, Modified 09/18/2024.
     Description: gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.
     Solution(s): alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-fuse-overlayfs alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica
     References: https://attackerkb.com/topics/cve-2024-37298 CVE-2024-37298 https://errata.almalinux.org/8/ALSA-2024-5258.html https://errata.almalinux.org/9/ALSA-2024-6194.html
  2. Huawei EulerOS: CVE-2024-38476: httpd security update
     Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 10/10/2024, Added 10/09/2024, Modified 01/28/2025.
     Description: The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
     Solution(s): huawei-euleros-2_0_sp11-upgrade-httpd huawei-euleros-2_0_sp11-upgrade-httpd-filesystem huawei-euleros-2_0_sp11-upgrade-httpd-tools huawei-euleros-2_0_sp11-upgrade-mod_ssl
     References: https://attackerkb.com/topics/cve-2024-38476 CVE-2024-38476 EulerOS-SA-2024-2583
  3. Ubuntu: (Multiple Advisories) (CVE-2024-38476): Apache HTTP Server vulnerabilities
     Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 07/10/2024, Added 07/09/2024, Modified 01/28/2025.
     Description: The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
     Solution(s): ubuntu-pro-upgrade-apache2
     References: https://attackerkb.com/topics/cve-2024-38476 CVE-2024-38476 USN-6885-1 USN-6885-2 USN-6885-3
  4. Huawei EulerOS: CVE-2024-38476: httpd security update
     Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 01/23/2025, Added 01/21/2025, Modified 01/28/2025.
     Description: The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
     Solution(s): huawei-euleros-2_0_sp8-upgrade-httpd huawei-euleros-2_0_sp8-upgrade-httpd-devel huawei-euleros-2_0_sp8-upgrade-httpd-filesystem huawei-euleros-2_0_sp8-upgrade-httpd-manual huawei-euleros-2_0_sp8-upgrade-httpd-tools huawei-euleros-2_0_sp8-upgrade-mod_session huawei-euleros-2_0_sp8-upgrade-mod_ssl
     References: https://attackerkb.com/topics/cve-2024-38476 CVE-2024-38476 EulerOS-SA-2025-1122
  5. Huawei EulerOS: CVE-2024-38475: httpd security update
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 01/23/2025, Added 01/21/2025, Modified 01/21/2025.
     Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in once it has been ensured that the substitution is appropriately constrained.
     Solution(s): huawei-euleros-2_0_sp8-upgrade-httpd huawei-euleros-2_0_sp8-upgrade-httpd-devel huawei-euleros-2_0_sp8-upgrade-httpd-filesystem huawei-euleros-2_0_sp8-upgrade-httpd-manual huawei-euleros-2_0_sp8-upgrade-httpd-tools huawei-euleros-2_0_sp8-upgrade-mod_session huawei-euleros-2_0_sp8-upgrade-mod_ssl
     References: https://attackerkb.com/topics/cve-2024-38475 CVE-2024-38475 EulerOS-SA-2025-1122
  6. Red Hat: CVE-2024-38474: httpd: Substitution encoding issue in mod_rewrite (Multiple Advisories)
     Severity 8, CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 07/24/2024, Added 07/24/2024, Modified 09/13/2024.
     Description: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
     Solution(s): redhat-upgrade-httpd redhat-upgrade-httpd-core redhat-upgrade-httpd-core-debuginfo redhat-upgrade-httpd-debuginfo redhat-upgrade-httpd-debugsource redhat-upgrade-httpd-devel redhat-upgrade-httpd-filesystem redhat-upgrade-httpd-manual redhat-upgrade-httpd-tools redhat-upgrade-httpd-tools-debuginfo redhat-upgrade-mod_http2 redhat-upgrade-mod_http2-debuginfo redhat-upgrade-mod_http2-debugsource redhat-upgrade-mod_ldap redhat-upgrade-mod_ldap-debuginfo redhat-upgrade-mod_lua redhat-upgrade-mod_lua-debuginfo redhat-upgrade-mod_md redhat-upgrade-mod_md-debuginfo redhat-upgrade-mod_md-debugsource redhat-upgrade-mod_proxy_html redhat-upgrade-mod_proxy_html-debuginfo redhat-upgrade-mod_session redhat-upgrade-mod_session-debuginfo redhat-upgrade-mod_ssl redhat-upgrade-mod_ssl-debuginfo
     References: CVE-2024-38474 RHSA-2024:4719 RHSA-2024:4720 RHSA-2024:4726 RHSA-2024:4862
  7. OpenSSH Vulnerability: CVE-2024-6387
     Severity 8, CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 07/02/2024, Added 07/02/2024, Modified 09/05/2024.
     Description: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
     Solution(s): openbsd-openssh-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-6387 CVE-2024-6387
  8. Amazon Linux AMI: CVE-2024-38474: Security patch for httpd24 (ALAS-2024-1944)
     Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 07/27/2024, Added 07/25/2024, Modified 01/28/2025.
     Description: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
     Solution(s): amazon-linux-upgrade-httpd24
     References: ALAS-2024-1944 CVE-2024-38474
  9. Amazon Linux AMI: CVE-2024-38475: Security patch for httpd24 (ALAS-2024-1944)
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 07/27/2024, Added 07/25/2024, Modified 07/25/2024.
     Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in once it has been ensured that the substitution is appropriately constrained.
     Solution(s): amazon-linux-upgrade-httpd24
     References: ALAS-2024-1944 CVE-2024-38475
  10. FreeBSD: VID-171AFA61-3EBA-11EF-A58F-080027836E8B (CVE-2024-39614): Django -- multiple vulnerabilities
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 07/12/2024, Added 07/10/2024, Modified 07/10/2024.
      Description: An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
      Solution(s): freebsd-upgrade-package-py310-django42 freebsd-upgrade-package-py310-django50 freebsd-upgrade-package-py311-django42 freebsd-upgrade-package-py311-django50 freebsd-upgrade-package-py39-django42
      References: CVE-2024-39614
  11. FreeBSD: VID-171AFA61-3EBA-11EF-A58F-080027836E8B (CVE-2024-39329): Django -- multiple vulnerabilities
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 07/12/2024, Added 07/10/2024, Modified 07/10/2024.
      Description: An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
      Solution(s): freebsd-upgrade-package-py310-django42 freebsd-upgrade-package-py310-django50 freebsd-upgrade-package-py311-django42 freebsd-upgrade-package-py311-django50 freebsd-upgrade-package-py39-django42
      References: CVE-2024-39329
  12. Alpine Linux: CVE-2024-36387: NULL Pointer Dereference
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 08/23/2024, Added 08/22/2024, Modified 10/01/2024.
      Description: Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a NULL pointer dereference, leading to a crash of the server process, degrading performance.
      Solution(s): alpine-linux-upgrade-apache2
      References: https://attackerkb.com/topics/cve-2024-36387 CVE-2024-36387 https://security.alpinelinux.org/vuln/CVE-2024-36387
  13. Rocky Linux: CVE-2024-39573: httpd (RLSA-2024-4726)
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 07/30/2024, Added 07/29/2024, Modified 11/18/2024.
      Description: Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
      Solution(s): rocky-upgrade-httpd rocky-upgrade-httpd-core rocky-upgrade-httpd-core-debuginfo rocky-upgrade-httpd-debuginfo rocky-upgrade-httpd-debugsource rocky-upgrade-httpd-devel rocky-upgrade-httpd-tools rocky-upgrade-httpd-tools-debuginfo rocky-upgrade-mod_ldap rocky-upgrade-mod_ldap-debuginfo rocky-upgrade-mod_lua rocky-upgrade-mod_lua-debuginfo rocky-upgrade-mod_proxy_html rocky-upgrade-mod_proxy_html-debuginfo rocky-upgrade-mod_session rocky-upgrade-mod_session-debuginfo rocky-upgrade-mod_ssl rocky-upgrade-mod_ssl-debuginfo
      References: https://attackerkb.com/topics/cve-2024-39573 CVE-2024-39573 https://errata.rockylinux.org/RLSA-2024:4726
  14. Rocky Linux: CVE-2024-38474: httpd (RLSA-2024-4726)
      Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 07/30/2024, Added 07/29/2024, Modified 01/30/2025.
      Description: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
      Solution(s): rocky-upgrade-httpd rocky-upgrade-httpd-core rocky-upgrade-httpd-core-debuginfo rocky-upgrade-httpd-debuginfo rocky-upgrade-httpd-debugsource rocky-upgrade-httpd-devel rocky-upgrade-httpd-tools rocky-upgrade-httpd-tools-debuginfo rocky-upgrade-mod_ldap rocky-upgrade-mod_ldap-debuginfo rocky-upgrade-mod_lua rocky-upgrade-mod_lua-debuginfo rocky-upgrade-mod_proxy_html rocky-upgrade-mod_proxy_html-debuginfo rocky-upgrade-mod_session rocky-upgrade-mod_session-debuginfo rocky-upgrade-mod_ssl rocky-upgrade-mod_ssl-debuginfo
      References: https://attackerkb.com/topics/cve-2024-38474 CVE-2024-38474 https://errata.rockylinux.org/RLSA-2024:4726
  15. Rocky Linux: CVE-2024-38476: httpd-2.4 (Multiple Advisories)
      Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 08/23/2024, Added 08/22/2024, Modified 01/28/2025.
      Description: The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
      Solution(s): rocky-upgrade-httpd rocky-upgrade-httpd-core rocky-upgrade-httpd-core-debuginfo rocky-upgrade-httpd-debuginfo rocky-upgrade-httpd-debugsource rocky-upgrade-httpd-devel rocky-upgrade-httpd-tools rocky-upgrade-httpd-tools-debuginfo rocky-upgrade-mod_http2 rocky-upgrade-mod_http2-debuginfo rocky-upgrade-mod_http2-debugsource rocky-upgrade-mod_ldap rocky-upgrade-mod_ldap-debuginfo rocky-upgrade-mod_lua rocky-upgrade-mod_lua-debuginfo rocky-upgrade-mod_md rocky-upgrade-mod_md-debuginfo rocky-upgrade-mod_md-debugsource rocky-upgrade-mod_proxy_html rocky-upgrade-mod_proxy_html-debuginfo rocky-upgrade-mod_session rocky-upgrade-mod_session-debuginfo rocky-upgrade-mod_ssl rocky-upgrade-mod_ssl-debuginfo
      References: https://attackerkb.com/topics/cve-2024-38476 CVE-2024-38476 https://errata.rockylinux.org/RLSA-2024:5138 https://errata.rockylinux.org/RLSA-2024:5193
  16. Debian: CVE-2024-36387: apache2 -- security update
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 07/15/2024, Added 07/15/2024, Modified 07/15/2024.
      Description: Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a NULL pointer dereference, leading to a crash of the server process, degrading performance.
      Solution(s): debian-upgrade-apache2
      References: https://attackerkb.com/topics/cve-2024-36387 CVE-2024-36387 DSA-5729-1
  17. Debian: CVE-2024-38477: apache2 -- security update
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C). Published 07/01/2024, Created 07/15/2024, Added 07/15/2024, Modified 01/28/2025.
      Description: NULL pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
      Solution(s): debian-upgrade-apache2
      References: https://attackerkb.com/topics/cve-2024-38477 CVE-2024-38477 DSA-5729-1
  18. Debian: CVE-2024-38474: apache2 -- security update
      Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 07/15/2024, Added 07/15/2024, Modified 01/30/2025.
      Description: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
      Solution(s): debian-upgrade-apache2
      References: https://attackerkb.com/topics/cve-2024-38474 CVE-2024-38474 DSA-5729-1
  19. Debian: CVE-2024-38475: apache2 -- security update
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 07/15/2024, Added 07/15/2024, Modified 07/31/2024.
      Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in once it has been ensured that the substitution is appropriately constrained.
      Solution(s): debian-upgrade-apache2
      References: https://attackerkb.com/topics/cve-2024-38475 CVE-2024-38475 DSA-5729-1
  20. Debian: CVE-2024-38476: apache2 -- security update
      Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 07/15/2024, Added 07/15/2024, Modified 01/28/2025.
      Description: The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
      Solution(s): debian-upgrade-apache2
      References: https://attackerkb.com/topics/cve-2024-38476 CVE-2024-38476 DSA-5729-1
  21. Red Hat: CVE-2024-39573: httpd: Potential SSRF in mod_rewrite (Multiple Advisories)
      Severity 7, CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N). Published 07/01/2024, Created 07/24/2024, Added 07/24/2024, Modified 09/03/2024.
      Description: Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
      Solution(s): redhat-upgrade-httpd redhat-upgrade-httpd-core redhat-upgrade-httpd-core-debuginfo redhat-upgrade-httpd-debuginfo redhat-upgrade-httpd-debugsource redhat-upgrade-httpd-devel redhat-upgrade-httpd-filesystem redhat-upgrade-httpd-manual redhat-upgrade-httpd-tools redhat-upgrade-httpd-tools-debuginfo redhat-upgrade-mod_http2 redhat-upgrade-mod_http2-debuginfo redhat-upgrade-mod_http2-debugsource redhat-upgrade-mod_ldap redhat-upgrade-mod_ldap-debuginfo redhat-upgrade-mod_lua redhat-upgrade-mod_lua-debuginfo redhat-upgrade-mod_md redhat-upgrade-mod_md-debuginfo redhat-upgrade-mod_md-debugsource redhat-upgrade-mod_proxy_html redhat-upgrade-mod_proxy_html-debuginfo redhat-upgrade-mod_session redhat-upgrade-mod_session-debuginfo redhat-upgrade-mod_ssl redhat-upgrade-mod_ssl-debuginfo
      References: CVE-2024-39573 RHSA-2024:4720 RHSA-2024:4726 RHSA-2024:5001
  22. FreeBSD: VID-171AFA61-3EBA-11EF-A58F-080027836E8B (CVE-2024-39330): Django -- multiple vulnerabilities
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 07/12/2024, Added 07/10/2024, Modified 07/10/2024.
      Description: An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
      Solution(s): freebsd-upgrade-package-py310-django42 freebsd-upgrade-package-py310-django50 freebsd-upgrade-package-py311-django42 freebsd-upgrade-package-py311-django50 freebsd-upgrade-package-py39-django42
      References: CVE-2024-39330
  23. Cisco NX-OS: CVE-2024-20399: Cisco NX-OS Software CLI Command Injection Vulnerability
      Severity 6, CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:N). Published 07/01/2024, Created 07/02/2024, Added 07/02/2024, Modified 11/14/2024.
      Description: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.
      Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. The following Cisco devices already allow administrative users to access the underlying operating system through the bash-shell feature, so, for these devices, this vulnerability does not grant any additional privileges:
        - Nexus 3000 Series Switches
        - Nexus 7000 Series Switches that are running Cisco NX-OS Software releases 8.1(1) and later
        - Nexus 9000 Series Switches in standalone NX-OS mode
      Solution(s): cisco-nx-update-latest
      References: https://attackerkb.com/topics/cve-2024-20399 CVE-2024-20399 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP cisco-sa-nxos-cmd-injection-xD9OhyOP
  24. Apache HTTPD: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect (CVE-2024-38476)
      Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C). Published 07/01/2024, Created 10/14/2024, Added 10/14/2024, Modified 12/03/2024.
      Description: The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
      Solution(s): apache-httpd-upgrade-latest
      References: https://attackerkb.com/topics/cve-2024-38476 http://www.openwall.com/lists/oss-security/2024/07/01/9 https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240712-0001/ CVE-2024-38476
  25. Rocky Linux: CVE-2024-38475: httpd (RLSA-2024-4726)
      Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 07/01/2024, Created 07/30/2024, Added 07/29/2024, Modified 11/18/2024.
      Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in once it has been ensured that the substitution is appropriately constrained.
      Solution(s): rocky-upgrade-httpd rocky-upgrade-httpd-core rocky-upgrade-httpd-core-debuginfo rocky-upgrade-httpd-debuginfo rocky-upgrade-httpd-debugsource rocky-upgrade-httpd-devel rocky-upgrade-httpd-tools rocky-upgrade-httpd-tools-debuginfo rocky-upgrade-mod_ldap rocky-upgrade-mod_ldap-debuginfo rocky-upgrade-mod_lua rocky-upgrade-mod_lua-debuginfo rocky-upgrade-mod_proxy_html rocky-upgrade-mod_proxy_html-debuginfo rocky-upgrade-mod_session rocky-upgrade-mod_session-debuginfo rocky-upgrade-mod_ssl rocky-upgrade-mod_ssl-debuginfo
      References: https://attackerkb.com/topics/cve-2024-38475 CVE-2024-38475 https://errata.rockylinux.org/RLSA-2024:4726