发布于3月6日3月6日 Members Amazon Linux 2023: CVE-2024-39573: Important priority package update for httpd Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 07/01/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. A flaw was found in the mod_rewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the mod_proxy module. Solution(s) amazon-linux-2023-upgrade-httpd amazon-linux-2023-upgrade-httpd-core amazon-linux-2023-upgrade-httpd-core-debuginfo amazon-linux-2023-upgrade-httpd-debuginfo amazon-linux-2023-upgrade-httpd-debugsource amazon-linux-2023-upgrade-httpd-devel amazon-linux-2023-upgrade-httpd-filesystem amazon-linux-2023-upgrade-httpd-manual amazon-linux-2023-upgrade-httpd-tools amazon-linux-2023-upgrade-httpd-tools-debuginfo amazon-linux-2023-upgrade-mod-ldap amazon-linux-2023-upgrade-mod-ldap-debuginfo amazon-linux-2023-upgrade-mod-lua amazon-linux-2023-upgrade-mod-lua-debuginfo amazon-linux-2023-upgrade-mod-proxy-html amazon-linux-2023-upgrade-mod-proxy-html-debuginfo amazon-linux-2023-upgrade-mod-session amazon-linux-2023-upgrade-mod-session-debuginfo amazon-linux-2023-upgrade-mod-ssl amazon-linux-2023-upgrade-mod-ssl-debuginfo References https://attackerkb.com/topics/cve-2024-39573 CVE - 2024-39573 https://alas.aws.amazon.com/AL2023/ALAS-2024-656.html
