CVE-2024-39573

Source
https://cve.org/CVERecord?id=CVE-2024-39573
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39573.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-39573
Aliases
Downstream
Related
Published
2024-07-01T18:16:44.297Z
Modified
2026-05-28T04:09:54.335585160Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Apache HTTP Server: mod_rewrite proxy handler substitution
Details

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39573.json",
    "cwe_ids": [
        "CWE-20"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2.4.0"
                },
                {
                    "last_affected": "2.4.59"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "apache"
}
References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.4.0"
        },
        {
            "fixed": "2.4.60"
        }
    ],
    "cpe": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39573.json"