{"id":"MGASA-2024-0272","summary":"Updated apache packages fix security vulnerabilities","details":"CVE-2024-40898: Apache HTTP Server: SSRF with\nmod_rewrite in server/vhost context on Windows (cve.mitre.org)\nSSRF in Apache HTTP Server on Windows with mod_rewrite in\nserver/vhost context, allows to potentially leak NTML hashes to\na malicious server via SSRF and malicious requests.\nCVE-2024-40725: Apache HTTP Server: source code\ndisclosure with handlers configured via AddType (cve.mitre.org)\nA partial fix for CVE-2024-39884 in the core of Apache HTTP\nServer 2.4.61 ignores some use of the legacy content-type based\nconfiguration of handlers. \"AddType\" and similar configuration,\nunder some circumstances where files are requested indirectly,\nresult in source code disclosure of local content. For example,\nPHP scripts may be served instead of interpreted.\n","modified":"2026-03-25T17:45:11.661678Z","published":"2024-07-20T21:22:37Z","related":["CVE-2024-40725","CVE-2024-40898"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0272.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33412"},{"type":"REPORT","url":"https://downloads.apache.org/httpd/CHANGES_2.4.62"}],"affected":[{"package":{"name":"apache","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/apache?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.62-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0272.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}