Bug 2295022 (CVE-2024-39573) - CVE-2024-39573 httpd: Potential SSRF in mod_rewrite
Summary: CVE-2024-39573 httpd: Potential SSRF in mod_rewrite
Keywords:
Status: NEW
Alias: CVE-2024-39573
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2295106
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-01 19:23 UTC by OSIDB Bzimport
Modified: 2025-05-16 08:28 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gitlab redhat/rhel/tests/httpd/-/tree/master/Security/CVE-2024-39573-httpd-mod_rewrite-proxy-SSRF 0 None None None 2024-07-19 06:57:28 UTC
Red Hat Product Errata RHBA-2024:4782 0 None None None 2024-07-23 16:28:55 UTC
Red Hat Product Errata RHBA-2024:4789 0 None None None 2024-07-23 21:32:38 UTC
Red Hat Product Errata RHBA-2024:4909 0 None None None 2024-07-30 08:41:08 UTC
Red Hat Product Errata RHBA-2024:4969 0 None None None 2024-08-01 07:54:09 UTC
Red Hat Product Errata RHBA-2024:4984 0 None None None 2024-08-01 21:41:40 UTC
Red Hat Product Errata RHSA-2024:4720 0 None None None 2024-07-23 08:50:02 UTC
Red Hat Product Errata RHSA-2024:4726 0 None None None 2024-07-23 13:18:45 UTC
Red Hat Product Errata RHSA-2024:5001 0 None None None 2024-08-05 09:01:03 UTC
Red Hat Product Errata RHSA-2024:5239 0 None None None 2024-08-13 13:08:18 UTC
Red Hat Product Errata RHSA-2024:5240 0 None None None 2024-08-13 13:06:41 UTC

Description OSIDB Bzimport 2024-07-01 19:23:39 UTC 
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Comment 2 errata-xmlrpc 2024-07-23 08:50:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4720 https://access.redhat.com/errata/RHSA-2024:4720
Comment 3 errata-xmlrpc 2024-07-23 13:18:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4726 https://access.redhat.com/errata/RHSA-2024:4726
Comment 4 errata-xmlrpc 2024-08-05 09:01:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5001 https://access.redhat.com/errata/RHSA-2024:5001
Comment 5 errata-xmlrpc 2024-08-13 13:06:40 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2024:5240 https://access.redhat.com/errata/RHSA-2024:5240
Comment 6 errata-xmlrpc 2024-08-13 13:08:16 UTC 
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2024:5239 https://access.redhat.com/errata/RHSA-2024:5239
Note You need to log in before you can comment on or make changes to this bug.