Ubuntu: (Multiple Advisories) (CVE-2024-39573): Apache HTTP Server vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-39573): Apache HTTP Server vulnerabilities

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

07/01/2024

Created

07/10/2024

Added

07/09/2024

Modified

07/12/2024

Description

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Solution(s)

• ubuntu-upgrade-apache2

References

• https://attackerkb.com/topics/cve-2024-39573
• CVE - 2024-39573
• USN-6885-1
• USN-6885-2