All posts published by ISHACK AI BOT
-
Rocky Linux: CVE-2024-38475: httpd (RLSA-2024-4726)
Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 07/01/2024, Created 07/30/2024, Added 07/29/2024, Modified 11/18/2024
Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change; the rewrite flag "UnsafePrefixStat" can be used to opt back in once the substitution has been appropriately constrained.
Solution(s): rocky-upgrade-httpd, rocky-upgrade-httpd-core, rocky-upgrade-httpd-core-debuginfo, rocky-upgrade-httpd-debuginfo, rocky-upgrade-httpd-debugsource, rocky-upgrade-httpd-devel, rocky-upgrade-httpd-tools, rocky-upgrade-httpd-tools-debuginfo, rocky-upgrade-mod_ldap, rocky-upgrade-mod_ldap-debuginfo, rocky-upgrade-mod_lua, rocky-upgrade-mod_lua-debuginfo, rocky-upgrade-mod_proxy_html, rocky-upgrade-mod_proxy_html-debuginfo, rocky-upgrade-mod_session, rocky-upgrade-mod_session-debuginfo, rocky-upgrade-mod_ssl, rocky-upgrade-mod_ssl-debuginfo
References: https://attackerkb.com/topics/cve-2024-38475; CVE-2024-38475; https://errata.rockylinux.org/RLSA-2024:4726
-
Geoserver unauthenticated Remote Code Execution
Disclosed 07/01/2024, Created 07/12/2024
Description: GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases, web-based data, and personal datasets. In GeoServer versions < 2.23.6, >= 2.24.0 and < 2.24.4, and >= 2.25.0 and < 2.25.1, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation, because property names are unsafely evaluated as XPath expressions. An attacker can abuse this by sending a POST request with a malicious XPath expression to execute arbitrary commands as root on the system.
Author(s): h00die-gr3y <[email protected]>, jheysel-r7, Steve Ikeoka, Valentin Lobstein a.k.a. chocapikk
Platform: Linux, Unix, Windows
Architectures: cmd
-
Ubuntu: (Multiple Advisories) (CVE-2024-38474): Apache HTTP Server vulnerabilities
Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published 07/01/2024, Created 07/10/2024, Added 07/09/2024, Modified 01/30/2025
Description: A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to obtain source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless the rewrite flag "UnsafeAllow3F" is specified.
Solution(s): ubuntu-pro-upgrade-apache2
References: https://attackerkb.com/topics/cve-2024-38474; CVE-2024-38474; USN-6885-1; USN-6885-2; USN-6885-3
-
Alpine Linux: CVE-2024-38473: Improper Encoding or Escaping of Output
Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 07/01/2024, Created 08/23/2024, Added 08/22/2024, Modified 10/01/2024
Description: An encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Solution(s): alpine-linux-upgrade-apache2
References: https://attackerkb.com/topics/cve-2024-38473; CVE-2024-38473; https://security.alpinelinux.org/vuln/CVE-2024-38473
-
Alpine Linux: CVE-2024-38474: Improper Encoding or Escaping of Output
Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published 07/01/2024, Created 08/23/2024, Added 08/22/2024, Modified 10/02/2024
Description: A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to obtain source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless the rewrite flag "UnsafeAllow3F" is specified.
Solution(s): alpine-linux-upgrade-apache2
References: https://attackerkb.com/topics/cve-2024-38474; CVE-2024-38474; https://security.alpinelinux.org/vuln/CVE-2024-38474
-
Alpine Linux: CVE-2024-38475: Improper Encoding or Escaping of Output
Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 07/01/2024, Created 08/23/2024, Added 08/22/2024, Modified 10/01/2024
Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change; the rewrite flag "UnsafePrefixStat" can be used to opt back in once the substitution has been appropriately constrained.
Solution(s): alpine-linux-upgrade-apache2
References: https://attackerkb.com/topics/cve-2024-38475; CVE-2024-38475; https://security.alpinelinux.org/vuln/CVE-2024-38475
-
Huawei EulerOS: CVE-2024-38475: httpd security update
Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 07/01/2024, Created 10/09/2024, Added 10/08/2024, Modified 10/08/2024
Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change; the rewrite flag "UnsafePrefixStat" can be used to opt back in once the substitution has been appropriately constrained.
Solution(s): huawei-euleros-2_0_sp9-upgrade-httpd, huawei-euleros-2_0_sp9-upgrade-httpd-filesystem, huawei-euleros-2_0_sp9-upgrade-httpd-tools, huawei-euleros-2_0_sp9-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2024-38475; CVE-2024-38475; EulerOS-SA-2024-2393
-
Huawei EulerOS: CVE-2024-39573: httpd security update
Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 07/01/2024, Created 10/09/2024, Added 10/08/2024, Modified 10/08/2024
Description: A potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Solution(s): huawei-euleros-2_0_sp9-upgrade-httpd, huawei-euleros-2_0_sp9-upgrade-httpd-filesystem, huawei-euleros-2_0_sp9-upgrade-httpd-tools, huawei-euleros-2_0_sp9-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2024-39573; CVE-2024-39573; EulerOS-SA-2024-2393
-
Red Hat: CVE-2024-38475: httpd: Improper escaping of output in mod_rewrite (Multiple Advisories)
Severity 9, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published 07/01/2024, Created 07/24/2024, Added 07/24/2024, Modified 09/13/2024
Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change; the rewrite flag "UnsafePrefixStat" can be used to opt back in once the substitution has been appropriately constrained.
Solution(s): redhat-upgrade-httpd, redhat-upgrade-httpd-core, redhat-upgrade-httpd-core-debuginfo, redhat-upgrade-httpd-debuginfo, redhat-upgrade-httpd-debugsource, redhat-upgrade-httpd-devel, redhat-upgrade-httpd-filesystem, redhat-upgrade-httpd-manual, redhat-upgrade-httpd-tools, redhat-upgrade-httpd-tools-debuginfo, redhat-upgrade-mod_http2, redhat-upgrade-mod_http2-debuginfo, redhat-upgrade-mod_http2-debugsource, redhat-upgrade-mod_ldap, redhat-upgrade-mod_ldap-debuginfo, redhat-upgrade-mod_lua, redhat-upgrade-mod_lua-debuginfo, redhat-upgrade-mod_md, redhat-upgrade-mod_md-debuginfo, redhat-upgrade-mod_md-debugsource, redhat-upgrade-mod_proxy_html, redhat-upgrade-mod_proxy_html-debuginfo, redhat-upgrade-mod_session, redhat-upgrade-mod_session-debuginfo, redhat-upgrade-mod_ssl, redhat-upgrade-mod_ssl-debuginfo
References: CVE-2024-38475; RHSA-2024:4719; RHSA-2024:4720; RHSA-2024:4726; RHSA-2024:4862
-
Debian: CVE-2024-38473: apache2 -- security update
Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 07/01/2024, Created 07/15/2024, Added 07/15/2024, Modified 07/31/2024
Description: An encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Solution(s): debian-upgrade-apache2
References: https://attackerkb.com/topics/cve-2024-38473; CVE-2024-38473; DSA-5729-1
-
Rocky Linux: CVE-2024-38477: httpd (RLSA-2024-4726)
Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published 07/01/2024, Created 07/30/2024, Added 07/29/2024, Modified 01/28/2025
Description: A null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Solution(s): rocky-upgrade-httpd, rocky-upgrade-httpd-core, rocky-upgrade-httpd-core-debuginfo, rocky-upgrade-httpd-debuginfo, rocky-upgrade-httpd-debugsource, rocky-upgrade-httpd-devel, rocky-upgrade-httpd-tools, rocky-upgrade-httpd-tools-debuginfo, rocky-upgrade-mod_ldap, rocky-upgrade-mod_ldap-debuginfo, rocky-upgrade-mod_lua, rocky-upgrade-mod_lua-debuginfo, rocky-upgrade-mod_proxy_html, rocky-upgrade-mod_proxy_html-debuginfo, rocky-upgrade-mod_session, rocky-upgrade-mod_session-debuginfo, rocky-upgrade-mod_ssl, rocky-upgrade-mod_ssl-debuginfo
References: https://attackerkb.com/topics/cve-2024-38477; CVE-2024-38477; https://errata.rockylinux.org/RLSA-2024:4726
-
Ubuntu: (Multiple Advisories) (CVE-2024-39573): Apache HTTP Server vulnerabilities
Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 07/01/2024, Created 07/10/2024, Added 07/09/2024, Modified 07/12/2024
Description: A potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Solution(s): ubuntu-upgrade-apache2
References: https://attackerkb.com/topics/cve-2024-39573; CVE-2024-39573; USN-6885-1; USN-6885-2
-
MongoDB: Missing Authorization (CVE-2024-6375)
Severity 6, CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Published 07/01/2024, Created 07/09/2024, Added 07/09/2024, Modified 01/28/2025
Description: A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading either to degradation of query performance or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions prior to 5.0.22, MongoDB Server v6.0 versions prior to 6.0.11, and MongoDB Server v7.0 versions prior to 7.0.3.
Solution(s): mongodb-upgrade-5_0_22, mongodb-upgrade-6_0_11, mongodb-upgrade-7_0_3
References: https://attackerkb.com/topics/cve-2024-6375; CVE-2024-6375; https://jira.mongodb.org/browse/SERVER-79327
-
Alma Linux: CVE-2024-6387: Important: openssh security update (ALSA-2024-4312)
Severity 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published 07/01/2024, Created 07/09/2024, Added 07/09/2024, Modified 01/30/2025
Description: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Solution(s): alma-upgrade-openssh, alma-upgrade-openssh-askpass, alma-upgrade-openssh-clients, alma-upgrade-openssh-keycat, alma-upgrade-openssh-server, alma-upgrade-pam_ssh_agent_auth
References: https://attackerkb.com/topics/cve-2024-6387; CVE-2024-6387; https://errata.almalinux.org/9/ALSA-2024-4312.html
-
Huawei EulerOS: CVE-2024-38475: httpd security update
Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 07/01/2024, Created 10/09/2024, Added 10/08/2024, Modified 10/08/2024
Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change; the rewrite flag "UnsafePrefixStat" can be used to opt back in once the substitution has been appropriately constrained.
Solution(s): huawei-euleros-2_0_sp10-upgrade-httpd, huawei-euleros-2_0_sp10-upgrade-httpd-filesystem, huawei-euleros-2_0_sp10-upgrade-httpd-tools, huawei-euleros-2_0_sp10-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2024-38475; CVE-2024-38475; EulerOS-SA-2024-2440
-
Oracle Linux: CVE-2024-6387: ELSA-2024-12468: openssh security update (IMPORTANT) (Multiple Advisories)
Severity 8, CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published 07/01/2024, Created 07/02/2024, Added 07/01/2024, Modified 12/01/2024
Description: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Solution(s): oracle-linux-upgrade-openssh, oracle-linux-upgrade-openssh-askpass, oracle-linux-upgrade-openssh-clients, oracle-linux-upgrade-openssh-keycat, oracle-linux-upgrade-openssh-server, oracle-linux-upgrade-pam-ssh-agent-auth
References: https://attackerkb.com/topics/cve-2024-6387; CVE-2024-6387; ELSA-2024-12468; ELSA-2024-4312
-
FreeBSD: VID-D7EFC2AD-37AF-11EF-B611-84A93843EB75 (CVE-2024-38476): Apache httpd -- Multiple vulnerabilities
Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published 07/01/2024, Created 07/03/2024, Added 07/02/2024, Modified 01/28/2025
Description: A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier makes it vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Solution(s): freebsd-upgrade-package-apache24
References: CVE-2024-38476
-
FreeBSD: VID-D7EFC2AD-37AF-11EF-B611-84A93843EB75 (CVE-2024-38477): Apache httpd -- Multiple vulnerabilities
Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published 07/01/2024, Created 07/03/2024, Added 07/02/2024, Modified 01/28/2025
Description: A null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Solution(s): freebsd-upgrade-package-apache24
References: CVE-2024-38477
-
FreeBSD: VID-171AFA61-3EBA-11EF-A58F-080027836E8B (CVE-2024-38875): Django -- multiple vulnerabilities
Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 07/01/2024, Created 07/12/2024, Added 07/10/2024, Modified 07/10/2024
Description: An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
Solution(s): freebsd-upgrade-package-py310-django42, freebsd-upgrade-package-py310-django50, freebsd-upgrade-package-py311-django42, freebsd-upgrade-package-py311-django50, freebsd-upgrade-package-py39-django42
References: CVE-2024-38875
-
Oracle Linux: CVE-2024-39573: ELSA-2024-4726: httpd security update (IMPORTANT) (Multiple Advisories)
Severity 7, CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published 07/01/2024, Created 08/20/2024, Added 08/16/2024, Modified 01/08/2025
Description: A potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. A flaw was found in the mod_rewrite module of httpd: a potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module.
Solution(s): oracle-linux-upgrade-httpd, oracle-linux-upgrade-httpd-core, oracle-linux-upgrade-httpd-devel, oracle-linux-upgrade-httpd-filesystem, oracle-linux-upgrade-httpd-manual, oracle-linux-upgrade-httpd-tools, oracle-linux-upgrade-mod-http2, oracle-linux-upgrade-mod-ldap, oracle-linux-upgrade-mod-lua, oracle-linux-upgrade-mod-md, oracle-linux-upgrade-mod-proxy-html, oracle-linux-upgrade-mod-session, oracle-linux-upgrade-mod-ssl
References: https://attackerkb.com/topics/cve-2024-39573; CVE-2024-39573; ELSA-2024-4726; ELSA-2024-4720
-
JetBrains TeamCity: CVE-2024-39879: Application token could be exposed in EC2 Cloud Profile settings (TW-88399)
Severity 4, CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published 07/01/2024, Created 10/22/2024, Added 10/15/2024, Modified 02/03/2025
Description: In JetBrains TeamCity before 2024.03.3, an application token could be exposed in EC2 Cloud Profile settings.
Solution(s): jetbrains-teamcity-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-39879; CVE-2024-39879; https://www.jetbrains.com/privacy-security/issues-fixed/
-
Juniper Junos OS: 2024-07 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and NFX Series: Specific valid traffic leads to a PFE crash (JSA83195) (CVE-2024-21586)
Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published 07/01/2024, Created 07/02/2024, Added 07/03/2024, Modified 01/28/2025
Description: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an affected device receives specific valid traffic destined to the device, it will cause the PFE to crash and restart. Continued receipt and processing of this traffic will create a sustained DoS condition.
This issue affects Junos OS on SRX Series:
* 21.4 versions before 21.4R3-S7.9,
* 22.1 versions before 22.1R3-S5.3,
* 22.2 versions before 22.2R3-S4.11,
* 22.3 versions before 22.3R3,
* 22.4 versions before 22.4R3.
This issue affects Junos OS on NFX Series:
* 21.4 versions before 21.4R3-S8,
* 22.1 versions after 22.1R1,
* 22.2 versions before 22.2R3-S5,
* 22.3 versions before 22.3R3,
* 22.4 versions before 22.4R3.
Junos OS versions prior to 21.4R1 are not affected by this issue.
Solution(s): juniper-junos-os-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-21586; CVE-2024-21586; JSA83195
-
FreeBSD: VID-D7EFC2AD-37AF-11EF-B611-84A93843EB75 (CVE-2024-38474): Apache httpd -- Multiple vulnerabilities
Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published 07/01/2024, Created 07/03/2024, Added 07/02/2024, Modified 01/28/2025
Description: A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to obtain source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless the rewrite flag "UnsafeAllow3F" is specified.
Solution(s): freebsd-upgrade-package-apache24
References: CVE-2024-38474
-
Amazon Linux AMI 2: CVE-2024-38474: Security patch for httpd (ALAS-2024-2594)
Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published 07/01/2024, Created 07/23/2024, Added 07/23/2024, Modified 01/30/2025
Description: A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to obtain source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless the rewrite flag "UnsafeAllow3F" is specified.
Solution(s): amazon-linux-ami-2-upgrade-httpd, amazon-linux-ami-2-upgrade-httpd-debuginfo, amazon-linux-ami-2-upgrade-httpd-devel, amazon-linux-ami-2-upgrade-httpd-filesystem, amazon-linux-ami-2-upgrade-httpd-manual, amazon-linux-ami-2-upgrade-httpd-tools, amazon-linux-ami-2-upgrade-mod_ldap, amazon-linux-ami-2-upgrade-mod_md, amazon-linux-ami-2-upgrade-mod_proxy_html, amazon-linux-ami-2-upgrade-mod_session, amazon-linux-ami-2-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2024-38474; AL2/ALAS-2024-2594; CVE-2024-38474
-
Alma Linux: CVE-2024-38475: Important: httpd:2.4 security update (Multiple Advisories)
Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 07/01/2024, Created 07/26/2024, Added 07/25/2024, Modified 09/20/2024
Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change; the rewrite flag "UnsafePrefixStat" can be used to opt back in once the substitution has been appropriately constrained.
Solution(s): alma-upgrade-httpd, alma-upgrade-httpd-core, alma-upgrade-httpd-devel, alma-upgrade-httpd-filesystem, alma-upgrade-httpd-manual, alma-upgrade-httpd-tools, alma-upgrade-mod_http2, alma-upgrade-mod_ldap, alma-upgrade-mod_lua, alma-upgrade-mod_md, alma-upgrade-mod_proxy_html, alma-upgrade-mod_session, alma-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2024-38475; CVE-2024-38475; https://errata.almalinux.org/8/ALSA-2024-4720.html; https://errata.almalinux.org/9/ALSA-2024-4726.html