CVE-2024-39573

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*

History

01 Jul 2025, 20:25

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
First Time Netapp
Apache
Apache http Server
Netapp ontap
References () https://httpd.apache.org/security/vulnerabilities_24.html - () https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20240712-0001/ - () https://security.netapp.com/advisory/ntap-20240712-0001/ - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/01/11 - () http://www.openwall.com/lists/oss-security/2024/07/01/11 - Mailing List

21 Nov 2024, 09:28

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/01/11 -
References () https://httpd.apache.org/security/vulnerabilities_24.html - () https://httpd.apache.org/security/vulnerabilities_24.html -
References () https://security.netapp.com/advisory/ntap-20240712-0001/ - () https://security.netapp.com/advisory/ntap-20240712-0001/ -

12 Jul 2024, 14:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240712-0001/ -

03 Jul 2024, 02:05

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

02 Jul 2024, 12:09

Type Values Removed Values Added
Summary
  • (es) El potencial SSRF en mod_rewrite en Apache HTTP Server 2.4.59 y versiones anteriores permite a un atacante provocar que RewriteRules inseguras configuren inesperadamente URL para que sean manejadas por mod_proxy. Se recomienda a los usuarios actualizar a la versión 2.4.60, que soluciona este problema.

01 Jul 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-01 19:15

Updated : 2025-07-01 20:25


NVD link : CVE-2024-39573

Mitre link : CVE-2024-39573

CVE.ORG link : CVE-2024-39573


JSON object : View

Products Affected

netapp

  • ontap

apache

  • http_server
CWE
CWE-20

Improper Input Validation