CVE-2024-38473

HIGH NUCLEI

Apache HTTP Server <2.4.60 - Open Redirect

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-38473. PoCs published by mrmtwoj, juanschallibaum, Abdurahmon3236. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains a Python script that scans for multiple Apache HTTP Server vulnerabilities by sending crafted HTTP requests to detect potential misconfigurations or weaknesses. It does not include exploit code for achieving RCE or other offensive actions, only detection logic.

Description

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Exploits (3)

github · SCANNER · 123 stars
by mrmtwoj · pythonpoc
https://github.com/mrmtwoj/apache-vulnerability-testing

The repository contains a Python script that scans for multiple Apache HTTP Server vulnerabilities by sending crafted HTTP requests to detect potential misconfigurations or weaknesses. It does not include exploit code for achieving RCE or other offensive actions, only detection logic.

Classification: Scanner (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Apache HTTP Server (various versions)
No auth needed
Prerequisites: Python 3.x · requests library · network access to target
devstral-2 · analyzed Feb 19, 2026

nomisec · SCANNER · 29 stars
by juanschallibaum · poc
https://github.com/juanschallibaum/CVE-2024-38473-Nuclei-Template

This repository contains a Nuclei template designed to detect Apache HTTP Server instances vulnerable to CVE-2024-38473, an ACL bypass vulnerability in mod_proxy. The template issues multiple HTTP requests to identify vulnerable configurations and protected files whose access controls could be bypassed.

Classification: Scanner (95%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Apache HTTP Server < 2.4.60 with PHP-FPM
No auth needed
Prerequisites: Apache HTTP Server < 2.4.60 · PHP-FPM with default configuration
devstral-2 · analyzed Feb 18, 2026

nomisec · WORKING POC · 3 stars
by Abdurahmon3236 · poc
https://github.com/Abdurahmon3236/CVE-2024-38473

This repository contains a functional Python script demonstrating an authentication bypass vulnerability in Apache HTTP Server's mod_proxy module via incorrect URL encoding. The PoC sends a crafted request with a maliciously encoded path to bypass authentication and access protected resources.

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache HTTP Server 2.4.59 and earlier
No auth needed
Prerequisites: Python 3.x · requests library · access to a vulnerable Apache HTTP Server instance
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

Apache HTTP Server - ACL Bypass
HIGH · by pdteam

Scores

CVSS v3: 8.1
EPSS: 0.2588
EPSS Percentile: 97.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-116
Status: published
Products (2):
apache/http_server 2.4.0 - 2.4.60
netapp/ontap 9
Published: Jul 01, 2024
Tracked Since: Feb 18, 2026