RHSA-2025:13680 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP1 security update

Bulletin has no description...

EulerOS Virtualization 2.12.0 : httpd (EulerOS-SA-2025-1561)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2024-2982)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

K000148354: Apache vulnerability CVE-2024-40725

Security Advisory Description A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source...

Amazon Linux 2 : httpd (ALAS-2024-2606)

The version of httpd installed on the remote host is prior to 2.4.62-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2606 advisory. A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based...

CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1

CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1. An upgraded version of the package is available that resolves this issue...

Important: httpd

Issue Overview: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosu...

BIT-APACHE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...

CVE-2024-40898

A flaw was found in HTTPd on Windows systems. This issue potentially allows NTLM hashes to be leaked via modrewrite in server/vhost context to a malicious server via Server-side request forgery SSRF and malicious requests or content. Mitigation Mitigation for this issue is either not available or...

CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

CVE-2024-40725 Apache HTTP Server: source code disclosure with handlers configured via AddType

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

CVE-2024-40898

SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...

PT-2024-5185 · Apache +6 · Apache Http Server +6

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.61 Description: The issue is related to the core of Apache HTTP Server, where a partial fix ignores some use of the legacy content-type based configuration of handlers. This can result in source code disclosure...