CVE-2024-39573

HIGH

Apache HTTP Server < 2.4.60 - Server-Side Request Forgery via mod_rewrite RewriteRule

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-39573. PoCs published by mrmtwoj.

AI-analyzed exploit summary The repository contains a Python script that scans for multiple Apache HTTP Server vulnerabilities by sending crafted HTTP requests to detect potential misconfigurations or weaknesses. It does not include exploit code for achieving RCE or other offensive actions, only detection logic.

Description

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Exploits (1)

github SCANNER 123 stars
by mrmtwoj · pythonpoc
https://github.com/mrmtwoj/apache-vulnerability-testing

The repository contains a Python script that scans for multiple Apache HTTP Server vulnerabilities by sending crafted HTTP requests to detect potential misconfigurations or weaknesses. It does not include exploit code for achieving RCE or other offensive actions, only detection logic.

Classification
Scanner 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Apache HTTP Server (various versions)
No auth needed
Prerequisites: Python 3.x · requests library · network access to target Apache server
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 7.5
EPSS 0.3545
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (2)
apache/http_server 2.4.0 - 2.4.60
netapp/ontap 9
Published Jul 01, 2024
Tracked Since Feb 18, 2026