Apache HTTP Server Multiple Vulnerabilities

Last Update Date: 2 May 2025 Release Date: 3 Jul 2024 10113 Views

RISK: High Risk

High Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Multiple vulnerabilities were identified in Apache HTTP Server. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

 

Note:

CVE-2024-38475 is being exploited in the wild. This vulnerability allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Hence, the risk level is rated as High Risk.

 

[Updated on 2025-05-02] 

Updated Description, Risk Level and Related Links.

 

 

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Apache HTTP Server versions prior to 2.4.60

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

  • Apache HTTP Server version 2.4.60

Vulnerability Identifier

Source

Related Link

Related Tags

ApacheDenial of ServiceRemote Code ExecutionSecurity Restriction BypassInformation DisclosureExploit In The Wild

Share with

Previous

Apache Tomcat Multiple Vulnerabilities

30 Apr 2025 5650 Views

Next

SonicWall Products Multiple Vulnerabilities

2 May 2025 5657 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY