发布于3月6日3月6日 Members Oracle Linux: CVE-2024-39573: ELSA-2024-4726:httpd security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 07/01/2024 Created 08/20/2024 Added 08/16/2024 Modified 01/08/2025 Description Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module. Solution(s) oracle-linux-upgrade-httpd oracle-linux-upgrade-httpd-core oracle-linux-upgrade-httpd-devel oracle-linux-upgrade-httpd-filesystem oracle-linux-upgrade-httpd-manual oracle-linux-upgrade-httpd-tools oracle-linux-upgrade-mod-http2 oracle-linux-upgrade-mod-ldap oracle-linux-upgrade-mod-lua oracle-linux-upgrade-mod-md oracle-linux-upgrade-mod-proxy-html oracle-linux-upgrade-mod-session oracle-linux-upgrade-mod-ssl References https://attackerkb.com/topics/cve-2024-39573 CVE - 2024-39573 ELSA-2024-4726 ELSA-2024-4720
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。