{ "file_item": { "filepath": "security-advisories", "filename": "CERT-EU-SA2024-073.pdf" }, "title": "Apache HTTP Server Critical Vulnerabilities", "serial_number": "2024-073", "publish_date": "24-07-2024 12:27:57", "description": "On July 23, 2024, Apache issued an advisory about two critical vulnerabilities in its HTTP Server, CVE-2024-40725 and CVE-2024-40898. These vulnerabilities can lead to HTTP request smuggling and SSL client authentication bypass, potentially resulting in unauthorised access and other malicious activities.
\nIt is recommended to update affected systems immediately.
\n", "url_title": "2024-073", "content_markdown": "---\ntitle: 'Apache HTTP Server Critical\u00a0Vulnerabilities'\nnumber: '2024-073'\nversion: '1.0'\noriginal_date: 'July 23, 2024'\ndate: 'July 24, 2024'\n---\n\n_History:_\n\n* _24/07/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn July 23, 2024, Apache issued an advisory about two critical vulnerabilities in its HTTP Server, **CVE-2024-40725** and **CVE-2024-40898**. These vulnerabilities can lead to HTTP request smuggling and SSL client authentication bypass, potentially resulting in unauthorised access and other malicious activities [1].\n\nIt is recommended to update affected systems immediately.\n\n# Technical Details\n\n- **CVE-2024-40725**: A partial fix regression for a previous issue (CVE-2024\u201339884), which allows source code disclosure via certain legacy content-type-based configuration settings.\n- **CVE-2024-40898**: An SSRF vulnerability in the `mod_rewrite` module on Windows systems, enabling attackers to extract NTLM hashes through carefully crafted requests.\n\nExploitation of these vulnerabilities could allow attackers to gain unauthorised access, perform session hijacking, cross-site scripting (XSS), or command injection. More information about the attack method can be found here [2].\n\n# Affected Products\n\n- Apache HTTP Server versions 2.4.0 to 2.4.61.\n\n# Recommendations\n\nAn open-source vulnerability checker is available on github [3].\n\nCERT-EU recommends updating affected devices to the latest version of Apache HTTP Server (2.4.62 or later) as soon as possible.\n\n# References\n\n[1] \n\n[2] \n\n[3] \n", "content_html": "

History:

  • 24/07/2024 --- v1.0 -- Initial publication

Summary

On July 23, 2024, Apache issued an advisory about two critical vulnerabilities in its HTTP Server, CVE-2024-40725 and CVE-2024-40898. These vulnerabilities can lead to HTTP request smuggling and SSL client authentication bypass, potentially resulting in unauthorised access and other malicious activities [1].

It is recommended to update affected systems immediately.

Technical Details

  • CVE-2024-40725: A partial fix regression for a previous issue (CVE-2024\u201339884), which allows source code disclosure via certain legacy content-type-based configuration settings.
  • CVE-2024-40898: An SSRF vulnerability in the mod_rewrite module on Windows systems, enabling attackers to extract NTLM hashes through carefully crafted requests.

Exploitation of these vulnerabilities could allow attackers to gain unauthorised access, perform session hijacking, cross-site scripting (XSS), or command injection. More information about the attack method can be found here [2].

Affected Products

  • Apache HTTP Server versions 2.4.0 to 2.4.61.

Recommendations

An open-source vulnerability checker is available on github [3].

CERT-EU recommends updating affected devices to the latest version of Apache HTTP Server (2.4.62 or later) as soon as possible.

References

[1] https://censys.com/cve-2024-40725-40898/

[2] https://medium.com/@elniak/cve-2024-40725-and-cve-2024-40898-critical-vulnerabilities-in-apache-http-server-d292084255dc

[3] https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898

", "licence": { "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)", "link": "https://creativecommons.org/licenses/by/4.0/", "restrictions": "https://cert.europa.eu/legal-notice", "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies" } }