Search for vulnerabilities
Vulnerability details: VCID-bd7g-fxqr-aaad
Vulnerability ID VCID-bd7g-fxqr-aaad
Aliases CVE-2024-38475
Summary Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
Status Published
Exploitability 2.0
Weighted Severity 8.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-116 Improper Encoding or Escaping of Output
System Score Found at
cvssv3 9.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.46951 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.6298 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.6298 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.6298 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.6298 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.6298 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.6298 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.6298 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.6298 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.63989 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.63989 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.7682 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.7682 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.7682 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.7682 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.7682 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.7682 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.7682 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.7682 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.7682 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.79189 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.85261 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92376 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92376 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92401 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92481 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92481 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92935 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92935 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.92935 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.93167 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
epss 0.9355 https://api.first.org/data/v1/epss?cve=CVE-2024-38475
cvssv3.1 8.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://httpd.apache.org/security/vulnerabilities_24.html
cvssv3.1 9.1 https://httpd.apache.org/security/vulnerabilities_24.html
generic_textual HIGH https://httpd.apache.org/security/vulnerabilities_24.html
ssvc Act https://httpd.apache.org/security/vulnerabilities_24.html
cvssv3.1 9.1 https://security.netapp.com/advisory/ntap-20240712-0001/
ssvc Act https://security.netapp.com/advisory/ntap-20240712-0001/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json
https://api.first.org/data/v1/epss?cve=CVE-2024-38475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cf
https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20240712-0001/
https://www.blackhat.com/us-24/briefings/schedule/index.html#confusion-attacks-exploiting-hidden-semantic-ambiguity-in-apache-http-server-pre-recorded-40227
http://www.openwall.com/lists/oss-security/2024/07/01/8
2295014 https://bugzilla.redhat.com/show_bug.cgi?id=2295014
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*
CVE-2024-38475 https://httpd.apache.org/security/json/CVE-2024-38475.json
CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475
GLSA-202409-31 https://security.gentoo.org/glsa/202409-31
RHSA-2024:4719 https://access.redhat.com/errata/RHSA-2024:4719
RHSA-2024:4720 https://access.redhat.com/errata/RHSA-2024:4720
RHSA-2024:4726 https://access.redhat.com/errata/RHSA-2024:4726
RHSA-2024:4820 https://access.redhat.com/errata/RHSA-2024:4820
RHSA-2024:4827 https://access.redhat.com/errata/RHSA-2024:4827
RHSA-2024:4830 https://access.redhat.com/errata/RHSA-2024:4830
RHSA-2024:4862 https://access.redhat.com/errata/RHSA-2024:4862
RHSA-2024:4863 https://access.redhat.com/errata/RHSA-2024:4863
RHSA-2024:4938 https://access.redhat.com/errata/RHSA-2024:4938
RHSA-2024:4943 https://access.redhat.com/errata/RHSA-2024:4943
RHSA-2024:5239 https://access.redhat.com/errata/RHSA-2024:5239
RHSA-2024:5240 https://access.redhat.com/errata/RHSA-2024:5240
USN-6885-1 https://usn.ubuntu.com/6885-1/
USN-6885-3 https://usn.ubuntu.com/6885-3/
Data source KEV
Date added May 1, 2025
Description Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
Required action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date May 22, 2025
Note 
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://httpd.apache.org/security/vulnerabilities_24.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-38475
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://httpd.apache.org/security/vulnerabilities_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://httpd.apache.org/security/vulnerabilities_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-05-01T17:36:23Z/ Found at https://httpd.apache.org/security/vulnerabilities_24.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20240712-0001/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-05-01T17:36:23Z/ Found at https://security.netapp.com/advisory/ntap-20240712-0001/
Exploit Prediction Scoring System (EPSS)
Percentile 0.09902
EPSS Score 0.00043
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-07-01T21:54:00.786901+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc4