June 26, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Juniper Networks Issues Critical Security Update for Routers
July 2, 2024CVE-2024-37137 – Dell CloudLink Vulnerability
July 2, 2024Juniper Networks Issues Critical Security Update for Routers
July 2, 2024CVE-2024-37137 – Dell CloudLink Vulnerability
July 2, 2024
Severity
High
Analysis Summary
CVE-2024-36387 CVSS:7.5
Apache HTTP Server s vulnerable to a denial of service, caused by a NULL Pointer dereference flaw when serving WebSocket protocol upgrades over a HTTP/2 connection. By sending a specially crafted request, a remote attacker could exploit this vulnerability to crash the server process and degrade performance.
CVE-2024-38472 CVSS:9.1
Apache HTTP Server is vulnerable to server-side request forgery, caused by improper validation of WIndows UNC. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack.
CVE-2024-38473 CVSS:7.5
Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in mod_proxy. By sending specially crafted requests, an attacker could exploit this vulnerability to bypass authentication validation.
CVE-2024-38474 CVSS:7.3
Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution encoding issue in mod_rewrite. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in directories permitted by the configuration.
CVE-2024-38475 CVSS:9.8
Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by improper escaping of output in mod_rewrite. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or source code disclosure.
CVE-2024-38476 CVSS:9.4
Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by improper input validation by the backend applications response headers. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, perform server-side request forgery attack or local script execution.
CVE-2024-38477 CVSS:7.5
Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in mod_proxy. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-39573 CVSS:7.5
Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in the mod_rewrite. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-36387
- CVE-2024-38472
- CVE-2024-38473
- CVE-2024-38474
- CVE-2024-38475
- CVE-2024-38476
- CVE-2024-38477
- CVE-2024-39573
Affected Vendors
Apache
Affected Products
- Apache HTTP Server 2.4.0
- Apache HTTP Server 2.4.59
Remediation
Upgrade to the latest version of Apache HTTP Server, available from the Apache Website.