CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:2.4.60:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*

History

01 Jul 2025, 20:27

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/07/17/6 - () http://www.openwall.com/lists/oss-security/2024/07/17/6 - Mailing List
References () https://httpd.apache.org/security/vulnerabilities_24.html - () https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20240712-0002/ - () https://security.netapp.com/advisory/ntap-20240712-0002/ - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/07/03/8 - () http://www.openwall.com/lists/oss-security/2024/07/03/8 - Mailing List
CWE NVD-CWE-noinfo
First Time Netapp
Apache
Apache http Server
Netapp ontap Tools
CPE cpe:2.3:a:apache:http_server:2.4.60:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*

21 Nov 2024, 09:28

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/03/8 -
References () http://www.openwall.com/lists/oss-security/2024/07/17/6 - () http://www.openwall.com/lists/oss-security/2024/07/17/6 -
References () https://httpd.apache.org/security/vulnerabilities_24.html - () https://httpd.apache.org/security/vulnerabilities_24.html -
References () https://security.netapp.com/advisory/ntap-20240712-0002/ - () https://security.netapp.com/advisory/ntap-20240712-0002/ -

19 Nov 2024, 21:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.2

17 Jul 2024, 21:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/07/17/6 -

12 Jul 2024, 14:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240712-0002/ -

05 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) Una regresión en el núcleo de Apache HTTP Server 2.4.60 ignora parte del uso de la configuración de controladores heredada basada en el tipo de contenido. "AddType" y configuraciones similares, en algunas circunstancias en las que los archivos se solicitan indirectamente, dan como resultado la divulgación del código fuente del contenido local. Por ejemplo, los scripts PHP pueden servirse en lugar de interpretarse. Se recomienda a los usuarios actualizar a la versión 2.4.61, que soluciona este problema.

04 Jul 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-04 09:15

Updated : 2025-07-01 20:27


NVD link : CVE-2024-39884

Mitre link : CVE-2024-39884

CVE.ORG link : CVE-2024-39884


JSON object : View

Products Affected

apache

  • http_server

netapp

  • ontap_tools