The Apache Software Foundation has addressed a critical source code disclosure vulnerability in the Apache HTTP Server, tracked as CVE-2024-39884.
The CVE-2024-39884 vulnerability arises from a regression in the handling of legacy content-type configurations in Apache HTTP Server 2.4.60. The issue occurs when the “AddType” directive and similar settings are used under certain conditions, potentially exposing the source code of files intended to be processed, such as server-side scripts and configuration files, thereby revealing sensitive data to attackers.
The advisory explains: “A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. ‘AddType’ and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.”
#ITSecurity The Apache Software Foundation has addressed multiple vulnerabilities Apache HTTP Server. They include denial-of-service (DoS), remote code execution, and unauthorized access issues.https://t.co/6C6G59woQP
One of these vulnerabilities is a critical source code…
— sea-are-pea (@seaarepea) July 7, 2024
In response to this and other vulnerabilities, including denial-of-service (DoS), remote code execution, and unauthorized access issues, the Apache Foundation recommends that users upgrade to version 2.4.61 to ensure their systems are secure.
For the security and stability of your servers, updating to the latest version of Apache HTTP Server is essential.
Abdul Rehman
Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.
