#VU93543 Server-Side Request Forgery (SSRF) in Apache HTTP Server - CVE-2024-38476 

 


Published: July 1, 2024


Vulnerability identifier: #VU93543
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-38476
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Apache HTTP Server
Software vendor: Apache Foundation

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker with control over the backend server can run local handlers via internal redirect and gain access to sensitive information or compromise the affected system.


Remediation

Install updates from the vendor's website.
