CVE-2024-39573
Publication date 1 July 2024
Last updated 24 July 2024
Ubuntu priority
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Status
Package | Ubuntu Release | Status |
---|---|---|
apache2 | 24.04 LTS noble |
Fixed 2.4.58-1ubuntu8.2
|
22.04 LTS jammy |
Fixed 2.4.52-1ubuntu4.10
|
|
20.04 LTS focal |
Fixed 2.4.41-4ubuntu3.19
|
|
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty |
Needs evaluation
|
Notes
Patch details
Package | Patch details |
---|---|
apache2 |
|
References
Related Ubuntu Security Notices (USN)
- USN-6885-1
- Apache HTTP Server vulnerabilities
- 8 July 2024