{"id":"CLSA-2024-1724351427","summary":"httpd: Fix of 9 CVEs","details":"- CVE-2024-38474: mod_rewrite: server weakness with encoded question marks\n  in backreferences\n- CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first\n  segment of substitution matches filesystem path\n- CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in\n  mod_proxy via a malicious request\n- CVE-2023-38709: http_filters: HTTP response splitting\n- CVE-2024-38473: mod_proxy: server proxy encoding problem\n- CVE-2024-39573: mod_rewrite: proxy handler substitution\n- CVE-2024-38476: http: server use exploitable/malicious backend application\n  output to run local handlers via internal redirect\n- CVE-2024-39884: modules: source code disclosure with handlers configured via AddType.\n  Resolving regression introduced by CVE-2024-38476 fix\n- CVE-2024-40725: modules: source code disclosure with handlers configured via AddType.\n  Resolving regression introduced by CVE-2024-39884 fix","modified":"2026-05-27T11:35:57.144042525Z","published":"2024-08-22T18:31:35Z","upstream":["CVE-2023-38709","CVE-2024-38473","CVE-2024-38474","CVE-2024-38475","CVE-2024-38476","CVE-2024-38477","CVE-2024-39573","CVE-2024-39884","CVE-2024-40725"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/centos8.5-els/CLSA-2024-1724351427.html"}],"affected":[{"package":{"name":"httpd","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/httpd?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2024-1724351427.json"}},{"package":{"name":"httpd-devel","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/httpd-devel?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2024-1724351427.json"}},{"package":{"name":"httpd-filesystem","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/httpd-filesystem?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2024-1724351427.json"}},{"package":{"name":"httpd-manual","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/httpd-manual?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2024-1724351427.json"}},{"package":{"name":"httpd-tools","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/httpd-tools?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2024-1724351427.json"}},{"package":{"name":"mod_ldap","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/mod_ldap?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2024-1724351427.json"}},{"package":{"name":"mod_proxy_html","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/mod_proxy_html?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2024-1724351427.json"}},{"package":{"name":"mod_session","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/mod_session?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2024-1724351427.json"}},{"package":{"name":"mod_ssl","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/mod_ssl?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2024-1724351427.json"}}],"schema_version":"1.7.5"}