CVE-2024-38473

HIGH NUCLEI

Apache HTTP Server <2.4.60 - Open Redirect

Title source: llm

Description

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Exploits (3)

github SCANNER 123 stars
by mrmtwoj · python · poc
https://github.com/mrmtwoj/apache-vulnerability-testing
nomisec SCANNER 29 stars
by juanschallibaum · poc
https://github.com/juanschallibaum/CVE-2024-38473-Nuclei-Template
nomisec WORKING POC 3 stars
by Abdurahmon3236 · poc
https://github.com/Abdurahmon3236/CVE-2024-38473

Nuclei Templates (1)

Apache HTTP Server - ACL Bypass
HIGH by pdteam

Scores

CVSS v3 8.1
EPSS 0.8826
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Classification

CWE
CWE-116
Status published

Affected Products (2)

apache/http_server < 2.4.60
netapp/ontap

Timeline

Published Jul 01, 2024
Tracked Since Feb 18, 2026