Unsafe RewriteRules Can Cause URL Redirection in Apache HTTP Server

CVE-2024-39573
Currently unrated

Key Information

Vendor
Apache
Status
Apache Http Server
Vendor
CVE Published: 1 July 2024

Summary

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Affected Version(s)

Apache HTTP Server <= 2.4.59

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

  • reported

Collectors

NVD Database, Mitre Database

Credit

Orange Tsai (@orange_8361) from DEVCORE.