Date: Tue, 02 Jul 2024 06:05:36 +0000
From: bugzilla-noreply@freebsd.org
To: apache@FreeBSD.org
Subject: [Bug 280077] www/apache24 2.4.60 mod_dir does not appear to work
Message-ID: <bug-280077-16115-woYG6eo4Nb@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-280077-16115@https.bugs.freebsd.org/bugzilla/>
References: <bug-280077-16115@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280077

nihilesthic@proton.me changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nihilesthic@proton.me

--- Comment #1 from nihilesthic@proton.me ---
From the changelog ( https://downloads.apache.org/httpd/CHANGES_2.4.60 ):

SECURITY: CVE-2024-38476: Apache HTTP Server may use
exploitable/malicious backend application output to run local
handlers via internal redirect (cve.mitre.org)
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier
are vulnerably to information disclosure, SSRF or local script
execution via backend applications whose response headers are
malicious or exploitable.
Note: Some legacy uses of the 'AddType' directive to connect
a request to a handler must be ported to 'SetHandler' after
this fix.

This is a possible reason.

-- 
You are receiving this mail because:
You are the assignee for the bug.
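
Added example (not part of the original message, and not Apache or FreeBSD project code): a small Python check that finds AddType lines used as handler mappings, the legacy pattern the quoted changelog note says must be ported to SetHandler, and prints an equivalent FilesMatch/SetHandler block. The sample configuration is constructed, and treating application/x-httpd-* media types as handler names is an assumption of this example.

```python
import re

# Constructed sample configuration (not taken from the bug report).
SAMPLE_CONF = """\
# constructed example httpd.conf fragment
AddType text/html .shtml
AddType application/x-httpd-php .php .phtml
  addtype application/x-httpd-php-source .phps
#AddType application/x-httpd-php .php5
<FilesMatch "\\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
"""

# Assumption: media types under application/x-httpd-* are handler names,
# not real content types (the classic mod_php idiom).
HANDLER_TYPE = re.compile(r"^application/x-httpd-[\w.+-]+$", re.I)


def find_legacy_addtype(conf_text):
    """Return (line_no, handler, extensions) for each AddType line that
    maps file extensions to a handler-style media type."""
    hits = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.strip().split()
        # Directive names are case-insensitive; skip comments and other lines.
        if len(parts) < 3 or parts[0].lower() != "addtype":
            continue
        if HANDLER_TYPE.match(parts[1]):
            hits.append((no, parts[1], [e.lstrip(".") for e in parts[2:]]))
    return hits


def suggest_sethandler(handler, extensions):
    """Build a FilesMatch/SetHandler block for the same extensions."""
    alt = "|".join(re.escape(e) for e in extensions)
    return (f'<FilesMatch "\\.({alt})$">\n'
            f"    SetHandler {handler}\n"
            f"</FilesMatch>")


if __name__ == "__main__":
    for no, handler, exts in find_legacy_addtype(SAMPLE_CONF):
        print(f"line {no}: AddType {handler} used as a handler mapping")
        print(suggest_sethandler(handler, exts))
```

The suggested FilesMatch pattern is anchored to the end of the file name, so it matches only the final extension, which is narrower than AddType's matching of an extension anywhere in the name.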
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-280077-16115-woYG6eo4Nb>