Ubuntu Security Update USN-6885-4: Apache HTTP Server regression

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,781
Reaction score
74
Credits
-1,257
USN-6885-1 fixed a vulnerability in Apache. The patch for CVE-2024-38474 was incomplete and caused regressions. This update provides the fix for that issue. Original advisory details: Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. (CVE-2024-38474)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-6885-6: Apache HTTP Server regression
Replies
0
Views
296
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-6885-5: Apache HTTP Server vulnerabilities
Replies
0
Views
269
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8239-1: Apache HTTP Server vulnerabilities
Replies
0
Views
159
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-7968-2: Apache HTTP Server regression
Replies
0
Views
137
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-6885-3: Apache HTTP Server vulnerabilities
Replies
0
Views
545
LinuxBot
LinuxBot


Follow Linux.org

Staff online

Members online

Total: 3,192 (members: 6, guests: 3,186)

Latest posts

Top