Apache HTTP Server 2.4.60 Regression Leads to Source Code Disclosure
CVE-2024-39884

6.2MEDIUM

Key Information:

Vendor

Apache
Status
Apache Http Server
Vendor
CVE Published:
4 July 2024

Badges

๐Ÿ“ฐ News Worthy

What is CVE-2024-39884?

The Apache Foundation has addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The vulnerability is caused by a regression in the handling of legacy content-type configurations, resulting in source code disclosure of local content, such as PHP scripts. Users are recommended to upgrade to version 2.4.61 to address this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache HTTP Server 2.4.60

News Articles

favicon imageSecurity Affairs

Apache fixed a source code disclosure flaw in Apache HTTP Server

The Apache Foundation addressed a source code disclosure vulnerability, tracked as CVE-2024-39884, in the Apache HTTP Server.

References

https://httpd.apache.org/security/vulnerabilities_24.html
vendor-advisory
https://security.netapp.com/advisory/ntap-20240712-0002/
http://www.openwall.com/lists/oss-security/2024/07/17/6

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ“ฐ

    First article discovered by Security Affairs

  • Vulnerability published

  • Vulnerability Reserved

JSON
.