Apache HTTP Server 2.4.60 Regression Leads to Source Code Disclosure
CVE-2024-39884

Currently unrated

Key Information:

Vendor
Apache
Status
Apache Http Server
Vendor
CVE Published:
4 July 2024

Badges

πŸ“° News Worthy

Summary

The Apache Foundation has addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The vulnerability is caused by a regression in the handling of legacy content-type configurations, resulting in source code disclosure of local content, such as PHP scripts. Users are recommended to upgrade to version 2.4.61 to address this issue.

Affected Version(s)

Apache HTTP Server 2.4.60

News Articles

favicon imageSecurity Affairs

Apache fixed a source code disclosure flaw in Apache HTTP Server

The Apache Foundation addressed a source code disclosure vulnerability, tracked as CVE-2024-39884, in the Apache HTTP Server.

6 months ago

References

https://httpd.apache.org/security/vulnerabilities_24.html
vendor-advisory
https://security.netapp.com/advisory/ntap-20240712-0002/
http://www.openwall.com/lists/oss-security/2024/07/17/6

Timeline

  • πŸ“°

    First article discovered by Security Affairs

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 News Article(s)
.