跳转到帖子

Amazon Linux 2023: CVE-2024-38473: Important priority package update for httpd

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Amazon Linux 2023: CVE-2024-38473: Important priority package update for httpd

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
07/01/2024
Created
02/14/2025
Added
02/14/2025
Modified
02/14/2025

Description

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue. A flaw was found in the mod_proxy module of httpd. Due to an encoding problem, specially crafted request URLs with incorrect encoding can be sent to backend services, potentially bypassing authentication.

Solution(s)

  • amazon-linux-2023-upgrade-httpd
  • amazon-linux-2023-upgrade-httpd-core
  • amazon-linux-2023-upgrade-httpd-core-debuginfo
  • amazon-linux-2023-upgrade-httpd-debuginfo
  • amazon-linux-2023-upgrade-httpd-debugsource
  • amazon-linux-2023-upgrade-httpd-devel
  • amazon-linux-2023-upgrade-httpd-filesystem
  • amazon-linux-2023-upgrade-httpd-manual
  • amazon-linux-2023-upgrade-httpd-tools
  • amazon-linux-2023-upgrade-httpd-tools-debuginfo
  • amazon-linux-2023-upgrade-mod-ldap
  • amazon-linux-2023-upgrade-mod-ldap-debuginfo
  • amazon-linux-2023-upgrade-mod-lua
  • amazon-linux-2023-upgrade-mod-lua-debuginfo
  • amazon-linux-2023-upgrade-mod-proxy-html
  • amazon-linux-2023-upgrade-mod-proxy-html-debuginfo
  • amazon-linux-2023-upgrade-mod-session
  • amazon-linux-2023-upgrade-mod-session-debuginfo
  • amazon-linux-2023-upgrade-mod-ssl
  • amazon-linux-2023-upgrade-mod-ssl-debuginfo

References

  • https://attackerkb.com/topics/cve-2024-38473
  • CVE - 2024-38473
  • https://alas.aws.amazon.com/AL2023/ALAS-2024-656.html
  • 引用
  • Mention
    • 查看数 700
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表