REDHAT-BUG-2295022: SSRF
First published: Mon Jul 01 2024(Updated: )
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Http Server | <2.4.60 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2295022?
The severity of REDHAT-BUG-2295022 is considered to be high due to the potential for Server-Side Request Forgery (SSRF).
How do I fix REDHAT-BUG-2295022?
To fix REDHAT-BUG-2295022, upgrade your Apache HTTP Server to version 2.4.60 or later.
What causes the vulnerability REDHAT-BUG-2295022?
REDHAT-BUG-2295022 is caused by unsafe RewriteRules in mod_rewrite that can inadvertently allow URL handling by mod_proxy.
Which versions of Apache HTTP Server are affected by REDHAT-BUG-2295022?
Apache HTTP Server versions up to and including 2.4.59 are affected by REDHAT-BUG-2295022.
Is there a workaround for REDHAT-BUG-2295022 until I can upgrade?
While a specific workaround for REDHAT-BUG-2295022 is not detailed, best practices suggest reviewing and securing your RewriteRules until an upgrade is performed.
- agent/weakness
- agent/severity
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-39573
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache http server