Multiple vulnerabilities in Apache HTTP Server
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-40725 CVE-2024-40898 |
| CWE-ID | CWE-200 CWE-918 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Apache HTTP Server Server applications / Web servers |
| Vendor | Apache Foundation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU94504
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-40725
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when processing legacy content-type based configuration of handlers, such as "AddType" and similar configuration when files are requested indirectly. A remote attacker can send a specially crafted HTTP request and view contents of files, for example the source code of a PHP script can be served instead of interpreted.
Note, the vulnerability exists due to incomplete fix for #VU93729 (CVE-2024-39884).
Install updates from vendor's website.
Vulnerable software versionsApache HTTP Server: 2.4.60 - 2.4.61
External linkshttp://lists.apache.org/thread/h9znqpns25cjjlcxh3hss7j47nvjypf7
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU94503
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-40898
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in Apache HTTP Server on Windows with mod_rewrite in server/vhost context. A remote attacker can force the web server to leak NTML hashes to a malicious server via SSRF and malicious requests.
Install updates from vendor's website.
Vulnerable software versionsApache HTTP Server: 2.4 - 2.4.61
External linkshttp://lists.apache.org/thread/5hhwb5mom6ptlzyhrxft72191hd0zfvh
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
