ByteOS Network

NVD Vulnerability Details :

CVE-2024-38474

Modified

Source-security@apache.org

Published At-01 Jul, 2024 | 19:15

Updated At-25 Mar, 2025 | 19:15

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CPE Matches

The Apache Software Foundation

>>http_server>>Versions from 2.4.0(inclusive) to 2.4.60(exclusive)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

NetApp, Inc.

>>clustered_data_ontap>>9.0

cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-116	Secondary	security@apache.org

References

Hyperlink	Source	Resource
https://httpd.apache.org/security/vulnerabilities_24.html	security@apache.org	Vendor Advisory
https://security.netapp.com/advisory/ntap-20240712-0001/	security@apache.org	Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/01/7	af854a3a-2127-422b-91ae-364da2661108	N/A
https://httpd.apache.org/security/vulnerabilities_24.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://security.netapp.com/advisory/ntap-20240712-0001/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History