CVE-2024-43204
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-04
Assigner: Apache Software Foundation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | http_server | From 2.4.0 (inc) to 2.4.64 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade to Apache HTTP Server version 2.4.64, which fixes this issue.
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in Apache HTTP Server when the mod_proxy module is loaded. It allows an attacker to send outbound proxy requests to a URL controlled by the attacker. This requires a rare configuration where mod_headers is set to modify the Content-Type header based on values from the HTTP request.
How can this vulnerability impact me?
An attacker exploiting this vulnerability could make the server send requests to arbitrary URLs, potentially accessing internal systems or services that are not normally accessible, leading to unauthorized access or information disclosure.