Multiple vulnerabilities in Apache HTTP Server



| Updated: 2024-11-15
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2024-40725
CVE-2024-40898
CWE-ID CWE-200
CWE-918
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Vulnerable software
Apache HTTP Server
Server applications / Web servers

Vendor Apache Foundation

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU94504

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-40725

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error when processing legacy content-type based configuration of handlers, such as "AddType" and similar configuration when files are requested indirectly. A remote attacker can send a specially crafted HTTP request and view contents of files, for example the source code of a PHP script can be served instead of interpreted.

Note, the vulnerability exists due to incomplete fix for #VU93729 (CVE-2024-39884).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apache HTTP Server: 2.4.60 - 2.4.61

CPE2.3 External links

http://lists.apache.org/thread/h9znqpns25cjjlcxh3hss7j47nvjypf7


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU94503

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-40898

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in Apache HTTP Server on Windows with mod_rewrite in server/vhost context. A remote attacker can force the web server to leak NTML hashes to a malicious server via SSRF and malicious requests.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apache HTTP Server: 2.4 - 2.4.61

CPE2.3 External links

http://lists.apache.org/thread/5hhwb5mom6ptlzyhrxft72191hd0zfvh


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###