CVE-2024-38475 — CRITICAL (9.1)

Q: How severe is CVE-2024-38475?

CVE-2024-38475 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-38475?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Netapp Ontap 9, Sonicwall Sma 200 Firmware, Sonicwall Sma 200, Sonicwall Sma 210 Firmware.

Vulnerability Description

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.4.0, < 2.4.60
Netapp	Ontap 9	-
Sonicwall	Sma 200 Firmware	< 10.2.1.14-75sv
Sonicwall	Sma 200	-
Sonicwall	Sma 210 Firmware	< 10.2.1.14-75sv
Sonicwall	Sma 210	-
Sonicwall	Sma 400 Firmware	< 10.2.1.14-75sv
Sonicwall	Sma 400	-
Sonicwall	Sma 410 Firmware	< 10.2.1.14-75sv
Sonicwall	Sma 410	-
Sonicwall	Sma 500V Firmware	< 10.2.1.14-75sv
Sonicwall	Sma 500V	-

Related Weaknesses (CWE)

CWE-116

References

https://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory
https://security.netapp.com/advisory/ntap-20240712-0001/Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/01/8Third Party Advisory
https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cfPatch
https://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018Third Party Advisory
https://security.netapp.com/advisory/ntap-20240712-0001/Third Party Advisory
https://www.blackhat.com/us-24/briefings/schedule/index.html#confusion-attacks-eThird Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2024-38475?

CVE-2024-38475 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not int...

How severe is CVE-2024-38475?

CVE-2024-38475 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-38475?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Netapp Ontap 9, Sonicwall Sma 200 Firmware, Sonicwall Sma 200, Sonicwall Sma 210 Firmware.