REDHAT-BUG-2295012
First published: Mon Jul 01 2024(Updated: )
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Http Server | <2.4.60 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2295012?
REDHAT-BUG-2295012 has a critical severity due to its potential to bypass authentication in backend services.
How do I fix REDHAT-BUG-2295012?
To fix REDHAT-BUG-2295012, upgrade to Apache HTTP Server version 2.4.60 or later.
Which versions of Apache HTTP Server are affected by REDHAT-BUG-2295012?
Apache HTTP Server versions 2.4.59 and earlier are affected by REDHAT-BUG-2295012.
What could happen if REDHAT-BUG-2295012 is exploited?
If REDHAT-BUG-2295012 is exploited, attackers could send crafted requests that bypass authentication to backend services.
Is there a workaround for REDHAT-BUG-2295012?
There is no official workaround for REDHAT-BUG-2295012; upgrading is the recommended solution.
- agent/severity
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-38473
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache http server