
CVE-2024-38474

Severity: Critical
Vendor: Apache
SVRS: 89/100
CVSSv3: 9.8/10
EPSS: 0.00725/1

CVE-2024-38474 is a critical vulnerability in the Apache HTTP Server's mod_rewrite module. This flaw, affecting versions 2.4.59 and earlier, enables attackers to execute scripts in restricted directories or expose sensitive source code. With a SOCRadar Vulnerability Risk Score (SVRS) of 89, this vulnerability is classified as critical and demands immediate attention. CVE-2024-38474 stems from a substitution encoding issue, where unsafely captured and substituted RewriteRules can be exploited. Successful exploitation could lead to unauthorized script execution or source code disclosure, significantly compromising the security of affected servers. Given active exploits are available, upgrading to version 2.4.60 is crucial to mitigate this severe risk and prevent potential attacks. The severity of CVE-2024-38474 is compounded by the availability of exploit code, making it a high-priority threat for organizations using vulnerable Apache HTTP Server versions.

Tags: In The Wild, Exploit Available, Vendor-advisory
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-07-01

2025-03-25
SOCRadar AI Insight

Description:

CVE-2024-38474 is a substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier. It allows an attacker to execute scripts in directories that the configuration permits but that are not directly reachable by any URL, or to obtain the source of scripts meant to be executed only as CGI.

Key Insights:

  • The CVSS score of 9.8 indicates a critical vulnerability, requiring immediate attention.
  • The SVRS of 30 suggests a moderate risk, highlighting the need for proactive measures.
  • The vulnerability is actively exploited in the wild, making it a high-priority threat.

Mitigation Strategies:

  • Upgrade to Apache HTTP Server version 2.4.60 or later.
  • Review and adjust RewriteRules to ensure they capture and substitute safely.
  • Implement additional security measures, such as input validation and access control lists.
  • Monitor for suspicious activity and apply security patches promptly.

Additional Information:

  • Threat Actors/APT Groups: Not specified
  • Exploit Status: Active exploits have been published
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.


Exploits

Title | Software Link | Date
mrmtwoj/apache-vulnerability-testing | https://github.com/mrmtwoj/apache-vulnerability-testing | 2024-10-05


News

Debian Security Advisory 5729-2
Date: 2024-10-09
Debian Linux Security Advisory 5729-2 - The fixes for CVE-2024-38474 and CVE-2024-39884 introduced two regressions in mod_rewrite and mod_proxy.
Tags: cve-2024-38474, cve-2024-39884, cves, debian

Critical Apache HTTP Server Vulnerabilities Expose Millions of Websites to Cyber Attack
Author: Dhivya
Date: 2024-07-18
Source: cybersecuritynews.com
The Apache Software Foundation has disclosed several critical vulnerabilities in the Apache HTTP Server, which could potentially expose millions of websites to cyber-attacks. These vulnerabilities, identified by their Common Vulnerabilities and Exposures (CVE) numbers, affect various versions of the Apache HTTP Server and could lead to severe consequences such as source code disclosure, server-side request […]
Tags: rss, forum, news

USN-6885-2: Apache HTTP Server regression
Date: 2024-07-11
USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2024-36387) Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs
Tags: cve-2024-39884, cve-2024-38474, cve-2024-38476, cve-2024-38475

USN-6885-1: Apache HTTP Server vulnerabilities
Date: 2024-07-08
Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2024-36387) Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. (CVE-2024-38473) Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker
Tags: cve-2024-38477, cve-2024-38475, cve-2024-38474, cve-2024-39884

CVE-2024-38474 | Apache HTTP Server up to 2.4.59 mod_rewrite encoding error
Source: vuldb.com
Date: 2024-07-01
A vulnerability classified as critical was found in Apache HTTP Server up to 2.4.59. Affected by this vulnerability is an unknown functionality of the component mod_rewrite. The manipulation leads to encoding error. This vulnerability is known as CVE-2024-38474. The attack can be launched remotely. There is no exploit
Tags: cve-2024-38474, domains, urls, cves

CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences
Date: 2024-07-01
Posted by Eric Covener on Jul 01
Severity: important
Affected versions: - Apache HTTP Server 2.4.0 through 2.4.59
Description: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source
Tags: cve-2024-38474, cves, config, apache

Social Media

mrmtwoj/apache-vulnerability-testing: Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 https://t.co/1vHVQPeJmm
GitHub - mrmtwoj/apache-vulnerability-testing: Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 https://t.co/wxO2nxclqJ
Debian Security Advisory 5729-2: Debian Linux Security Advisory 5729-2 - The fixes for CVE-2024-38474 and CVE-2024-39884 introduced two regressions in mod_rewrite and mod_proxy. https://t.co/5q104yuXEs
The IT-related site article has been updated! Read the article here ⇒ Apache HTTP Server vulnerabilities (Important: CVE-2024-38472, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, Moderate: CVE-2024-38473, CVE-2024-39573, Low: CVE-2024-36387) https://t.co/I2uNNdaPiY

Affected Software

Configuration 1
Type | Vendor | Product
App | Apache | http_server

Configuration 2
Type | Vendor | Product
OS | Netapp | clustered_data_ontap

References

Reference | Link
[email protected] | https://httpd.apache.org/security/vulnerabilities_24.html
[email protected] | https://security.netapp.com/advisory/ntap-20240712-0001/
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2024/07/01/7
AF854A3A-2127-422B-91AE-364DA2661108 | https://httpd.apache.org/security/vulnerabilities_24.html
AF854A3A-2127-422B-91AE-364DA2661108 | https://security.netapp.com/advisory/ntap-20240712-0001/

CWE Details

CWE ID | CWE Name | Description
CWE-116 | Improper Encoding or Escaping of Output | The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
