Headline
About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability
About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability. Improper escaping of output in mod_rewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication. 🔻 Apache HTTP Server 2.4.60, which includes a fix for this vulnerability, was released on July 1, 2024. Orange […]
About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability. Improper escaping of output in mod_rewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication.
🔻 Apache HTTP Server 2.4.60, which includes a fix for this vulnerability, was released on July 1, 2024. Orange Tsai (DEVCORE) published technical details and BH2024 slides on the vulnerability on August 9, 2024. A PoC exploit has been on GitHub since August 18, 2024.
🔻 On April 29, 2025, it was disclosed that CVE-2024-38475 is actively exploited to compromise SonicWall SMA gateways. WatchTowr Labs explains how the vulnerability exposes the SQLite file with active session tokens. On May 1, the vulnerability was added to the CISA KEV.
Naturally, this vulnerability could potentially affect far more than just SonicWall appliances. 😏
На русском
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.
Related news
watchTowr reveals active exploitation of SonicWall SMA 100 vulnerabilities (CVE-2024-38475 & CVE-2023-44221) potentially leading to full system takeover…
Gentoo Linux Security Advisory 202409-31 - Multiple vulnerabilities have been found in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.62 are affected.
Ubuntu Security Notice 6885-3 - USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions.
Red Hat Security Advisory 2024-4938-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4830-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4827-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-4820-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a null pointer vulnerability.
Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
Ubuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to h...
Ubuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.