Red Hat: CVE-2024-39573: httpd: Potential SSRF in mod_rewrite (Multiple Advisories)

Red Hat: CVE-2024-39573: httpd: Potential SSRF in mod_rewrite (Multiple Advisories)

Severity

7

CVSS

(AV:N/AC:H/Au:N/C:C/I:C/A:N)

Published

07/01/2024

Created

07/24/2024

Added

07/24/2024

Modified

09/03/2024

Description

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Solution(s)

• redhat-upgrade-httpd
• redhat-upgrade-httpd-core
• redhat-upgrade-httpd-core-debuginfo
• redhat-upgrade-httpd-debuginfo
• redhat-upgrade-httpd-debugsource
• redhat-upgrade-httpd-devel
• redhat-upgrade-httpd-filesystem
• redhat-upgrade-httpd-manual
• redhat-upgrade-httpd-tools
• redhat-upgrade-httpd-tools-debuginfo
• redhat-upgrade-mod_http2
• redhat-upgrade-mod_http2-debuginfo
• redhat-upgrade-mod_http2-debugsource
• redhat-upgrade-mod_ldap
• redhat-upgrade-mod_ldap-debuginfo
• redhat-upgrade-mod_lua
• redhat-upgrade-mod_lua-debuginfo
• redhat-upgrade-mod_md
• redhat-upgrade-mod_md-debuginfo
• redhat-upgrade-mod_md-debugsource
• redhat-upgrade-mod_proxy_html
• redhat-upgrade-mod_proxy_html-debuginfo
• redhat-upgrade-mod_session
• redhat-upgrade-mod_session-debuginfo
• redhat-upgrade-mod_ssl
• redhat-upgrade-mod_ssl-debuginfo

References

• CVE-2024-39573
• RHSA-2024:4720
• RHSA-2024:4726
• RHSA-2024:5001