Unsafe RewriteRules Can Cause URL Redirection in Apache HTTP Server
CVE-2024-39573
Currently unrated
Summary
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Affected Version(s)
Apache HTTP Server 2.4.0 <= 2.4.59
References
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Orange Tsai (@orange_8361) from DEVCORE