Apache HTTP Server 2.4.60 Regression Leads to Source Code Disclosure
CVE-2024-39884

6.2MEDIUM

Key Information:

Vendor

Apache
Status
Apache Http Server
Vendor
CVE Published:
4 July 2024

Badges

đź“° News Worthy

What is CVE-2024-39884?

The Apache Foundation has addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The vulnerability is caused by a regression in the handling of legacy content-type configurations, resulting in source code disclosure of local content, such as PHP scripts. Users are recommended to upgrade to version 2.4.61 to address this issue.

Affected Version(s)

Apache HTTP Server 2.4.60

News Articles

favicon imageSecurity Affairs

Apache fixed a source code disclosure flaw in Apache HTTP Server

The Apache Foundation addressed a source code disclosure vulnerability, tracked as CVE-2024-39884, in the Apache HTTP Server.

References

https://httpd.apache.org/security/vulnerabilities_24.html
vendor-advisory
https://security.netapp.com/advisory/ntap-20240712-0002/
http://www.openwall.com/lists/oss-security/2024/07/17/6

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by Security Affairs

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-39884 : Apache HTTP Server 2.4.60 Regression Leads to Source Code Disclosure