{"id":165422,"date":"2024-07-07T17:20:15","date_gmt":"2024-07-07T17:20:15","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=165422"},"modified":"2024-07-07T17:20:17","modified_gmt":"2024-07-07T17:20:17","slug":"apache-source-code-disclosure-flaw-apache-http-server","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/165422\/security\/apache-source-code-disclosure-flaw-apache-http-server.html","title":{"rendered":"Apache fixed a source code disclosure flaw in Apache HTTP Server<\/gwmw>"},"content":{"rendered":"
<\/div>\n

The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server.<\/h2>\n\n\n\n

The Apache Software Foundation has\u00a0addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized access issues.<\/p>\n\n\n\n

One of these vulnerabilities is a critical source code disclosure vulnerability tracked as CVE-2024-39884.<\/p>\n\n\n\n

“A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.” reads the advisory<\/strong><\/a>. “”AddType” and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.”<\/em><\/p>\n\n\n\n

The CVE-2024-39884 vulnerability is caused by a regression in the handling of legacy content-type configurations. When the “AddType” directive and similar settings are used under certain conditions, it can unintentionally expose the source code of files that are meant to be processed, such as server-side scripts and configuration files, potentially revealing sensitive data to attackers.<\/p>\n\n\n\n

The Apache Foundation recommends users upgrade to version 2.4.61. <\/p>\n\n\n\n

\"Apache<\/a><\/figure>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/gwmw><\/p>\n\n\n\n

Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, Apache<\/a>)<\/strong><\/p>\n\n\n\n

<\/gwmw><\/gwmw><\/p>\n","protected":false},"excerpt":{"rendered":"

The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has\u00a0addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized access issues. One of these vulnerabilities is a critical source code disclosure vulnerability tracked as […]<\/p>\n","protected":false},"author":1,"featured_media":165427,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,5,55],"tags":[7221,4112,9508,9506,10918,687,841,1533],"class_list":["post-165422","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-hacking","category-security","tag-apache","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n杭州江阴科强工业胶带有限公司