{"id":"CLSA-2024-1722003981","summary":"httpd: Fix of 5 CVEs","details":"- CVE-2024-38474: mod_rewrite: server weakness with encoded question marks\n  in backreferences\n- CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first\n  segment of substitution matches filesystem path\n- CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in\n  mod_proxy via a malicious request\n- CVE-2024-38476: http: server use exploitable/malicious backend application\n  output to run local handlers via internal redirect\n- CVE-2024-39573: mod_rewrite: proxy handler substitution","modified":"2026-05-27T11:35:44.141821831Z","published":"2024-07-26T14:26:24Z","upstream":["CVE-2024-38474","CVE-2024-38475","CVE-2024-38476","CVE-2024-38477","CVE-2024-39573"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/centos7-els/CLSA-2024-1722003981.html"}],"affected":[{"package":{"name":"httpd","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/httpd?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.6-99.el7.centos.1.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1722003981.json"}},{"package":{"name":"httpd-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/httpd-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.6-99.el7.centos.1.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1722003981.json"}},{"package":{"name":"httpd-manual","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/httpd-manual?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.6-99.el7.centos.1.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1722003981.json"}},{"package":{"name":"httpd-tools","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/httpd-tools?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.6-99.el7.centos.1.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1722003981.json"}},{"package":{"name":"mod_ldap","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/mod_ldap?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.6-99.el7.centos.1.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1722003981.json"}},{"package":{"name":"mod_proxy_html","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/mod_proxy_html?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.4.6-99.el7.centos.1.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1722003981.json"}},{"package":{"name":"mod_session","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/mod_session?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.6-99.el7.centos.1.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1722003981.json"}},{"package":{"name":"mod_ssl","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/mod_ssl?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.4.6-99.el7.centos.1.tuxcare.els4"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2024-1722003981.json"}}],"schema_version":"1.7.5"}