Skip to main content

Http Server EUVDEUVD-2024-54774

| CVE-2024-43204 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2025-07-10 security@apache.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu
MEDIUM
qualitative
SUSE
HIGH
qualitative
Red Hat
5.4 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 06:52 euvd
EUVD-2024-54774
Analysis Generated
Mar 16, 2026 - 06:52 vuln.today
CVE Published
Jul 10, 2025 - 17:15 nvd
HIGH 7.5

DescriptionCVE.org

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.  Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.

Users are recommended to upgrade to version 2.4.64 which fixes this issue.

AnalysisAI

CVE-2024-43204 is a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server when mod_proxy is loaded, allowing unauthenticated attackers to initiate outbound proxy requests to attacker-controlled URLs. The vulnerability requires an uncommon configuration where mod_headers is used to modify Content-Type headers based on user-supplied HTTP request values. Apache recommends immediate upgrade to version 2.4.64 to remediate this high-integrity-impact issue.

Technical ContextAI

The vulnerability exists in Apache HTTP Server's mod_proxy module (CWE-918: Server-Side Request Forgery) and is triggered through unsafe interaction with mod_headers when processing request/response headers. When mod_headers is configured to dynamically modify the Content-Type header using values derived from incoming HTTP requests (e.g., via user input, request parameters, or header reflection), an attacker can inject crafted values that cause mod_proxy to interpret the request as a legitimate proxy request to an arbitrary destination. This exploits improper validation of proxy request destinations, allowing the attacker to use the vulnerable server as an intermediary to reach internal or external systems that would otherwise be inaccessible. The root cause is insufficient sanitization of header values before they are processed by the proxy logic. Affected CPE: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* (versions prior to 2.4.64).

RemediationAI

Upgrade Apache HTTP Server to version 2.4.64 or later; priority: High; link: https://httpd.apache.org/download.cgi Workaround (Temporary): Disable mod_proxy if not required for operations; priority: High Workaround (Temporary): Review and restrict mod_headers configuration: avoid using Header directives that incorporate unsanitized user input (request parameters, cookies, client-supplied headers) into Content-Type or other proxy-relevant headers; priority: High Mitigation: Implement network-level egress filtering or proxy whitelisting to restrict outbound connections from the HTTP Server to authorized destinations only; priority: Medium Detection: Monitor Apache access logs for unusual outbound proxy requests (via mod_proxy logging) and anomalous Content-Type header values in requests; priority: Medium

CVE-2017-9798 HIGH POC
7.5 Sep 18

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user

CVE-2013-2566 MEDIUM POC
5.9 Mar 15

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for

CVE-2014-0226 MEDIUM POC
6.8 Jul 20

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denia

CVE-2016-8740 HIGH POC
7.5 Dec 05

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2

CVE-2013-5704 MEDIUM POC
5.0 Apr 15

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directiv

CVE-2013-2249 HIGH POC
7.5 Jul 23

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for

CVE-2016-5387 HIGH
8.1 Jul 19

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from t

CVE-2017-7668 HIGH
7.5 Jun 20

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which al

CVE-2017-3169 CRITICAL POC
9.8 Jun 20

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party mod

CVE-2016-0736 HIGH POC
7.5 Jul 27

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured c

CVE-2017-7679 CRITICAL POC
9.8 Jun 20

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when se

CVE-2012-0053 MEDIUM POC
4.3 Jan 28

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construct

Vendor StatusVendor

Ubuntu

Priority: Medium
apache2
Release Status Version
trusty needs-triage -
upstream released 2.4.64-1
jammy released 2.4.52-1ubuntu4.15
noble released 2.4.58-1ubuntu8.7
plucky released 2.4.63-1ubuntu1.1
bionic released 2.4.29-1ubuntu4.27+esm6
focal released 2.4.41-4ubuntu3.23+esm2
xenial released 2.4.18-2ubuntu3.17+esm16
questing released 2.4.64-1ubuntu2

Debian

apache2
Release Status Fixed Version Urgency
bullseye fixed 2.4.65-1~deb11u1 -
bullseye (security) fixed 2.4.66-1~deb11u1 -
bookworm fixed 2.4.65-1~deb12u1 -
bookworm (security) vulnerable 2.4.62-1~deb12u2 -
trixie fixed 2.4.66-1~deb13u2 -
forky, sid fixed 2.4.66-8 -
(unstable) fixed 2.4.64-1 -

SUSE

Severity: High
Product Status
Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.10 Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-SAP Image SLES15-SP4-SAP-Azure Image SLES15-SP4-SAP-EC2 Image SLES15-SP4-SAP-GCE Image SLES15-SP4-SAPCAL Image SLES15-SP4-SAPCAL-Azure Image SLES15-SP4-SAPCAL-EC2 Image SLES15-SP4-SAPCAL-GCE Image SLES15-SP5-SAPCAL-Azure Image SLES15-SP5-SAPCAL-EC2 Image SLES15-SP5-SAPCAL-GCE Affected
Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.1.7.26.2 Container suse/manager/5.0/x86_64/server:5.0.5.1.7.33.2 Image SLES15-SP6-SAP Image SLES15-SP6-SAP-Azure Image SLES15-SP6-SAP-EC2 Image SLES15-SP6-SAP-GCE Image SLES15-SP6-SAPCAL Image SLES15-SP6-SAPCAL-Azure Image SLES15-SP6-SAPCAL-EC2 Image SLES15-SP6-SAPCAL-GCE Affected
Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.1.8.9.2 Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.2.9.13.2 Container suse/multi-linux-manager/5.1/x86_64/server:5.1.1.8.7.1 Image SLES15-SP7-SAPCAL-Azure Image SLES15-SP7-SAPCAL-EC2 Image SLES15-SP7-SAPCAL-GCE Image proxy-httpd-image Image server-image Affected
SUSE Enterprise Storage 7.1 Fixed
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP6 Fixed

Share

EUVD-2024-54774 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy