Assigner | apache |
Reserved | 2024-06-25 |
Published | 2024-07-01 |
Updated | 2024-07-01 |
Description
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Problem types
CWE-20 Improper Input Validation
Product status
2.4.0
Timeline
2024-04-01: | reported |
Credits
Orange Tsai (@orange_8361) from DEVCORE
References
https://httpd.apache.org/security/vulnerabilities_24.html