Rocky Linux: CVE-2024-38474: httpd (RLSA-2024-4726)

发布于3月6日3月6日

Members

Rocky Linux: CVE-2024-38474: httpd (RLSA-2024-4726)

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

07/01/2024

Created

07/30/2024

Added

07/29/2024

Modified

01/30/2025

Description

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.

Solution(s)

rocky-upgrade-httpd
rocky-upgrade-httpd-core
rocky-upgrade-httpd-core-debuginfo
rocky-upgrade-httpd-debuginfo
rocky-upgrade-httpd-debugsource
rocky-upgrade-httpd-devel
rocky-upgrade-httpd-tools
rocky-upgrade-httpd-tools-debuginfo
rocky-upgrade-mod_ldap
rocky-upgrade-mod_ldap-debuginfo
rocky-upgrade-mod_lua
rocky-upgrade-mod_lua-debuginfo
rocky-upgrade-mod_proxy_html
rocky-upgrade-mod_proxy_html-debuginfo
rocky-upgrade-mod_session
rocky-upgrade-mod_session-debuginfo
rocky-upgrade-mod_ssl
rocky-upgrade-mod_ssl-debuginfo

References

https://attackerkb.com/topics/cve-2024-38474
CVE - 2024-38474
https://errata.rockylinux.org/RLSA-2024:4726

查看数 706
已创建 3月6日3月6日
最后回复 3月6日3月6日

https://www.ishack.org/topic/37542.html/

粉丝

转到主题列表

登录

Rocky Linux: CVE-2024-38474: httpd (RLSA-2024-4726)

recommended_posts

Rocky Linux: CVE-2024-38474: httpd (RLSA-2024-4726)

Description

Solution(s)

References

欢迎来到红帽社区

社区动态

红龙逆向工具箱2025最新版(ISHACK改良版)

修改底部版权信息

ips4.7升级到5.x版本问题。

IPS Invision Community 经常自动退出登录解决

网站程序安装中文语言包时没有中文选项？Debian中文包

帐户

导航

搜索