CVE-2024-39573

7.5 HIGH

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server's mod_rewrite module. Attackers can exploit unsafe RewriteRules to redirect requests through mod_proxy to arbitrary internal or external URLs. This affects Apache HTTP Server versions 2.4.59 and earlier.

💻 Affected Systems

Products:
  • Apache HTTP Server
Versions: 2.4.59 and earlier
Operating Systems: All operating systems running Apache HTTP Server
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using unsafe RewriteRules that could be manipulated to proxy requests.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, exfiltrate sensitive data, or use the server as a proxy for attacks against other systems.

🟠 Likely Case

Unauthorized access to internal network resources, potential data leakage from backend systems.

🟢 If Mitigated

Limited impact if proper network segmentation and RewriteRule validation are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires specific RewriteRule configurations that allow URL manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.60

Vendor Advisory: https://httpd.apache.org/security/vulnerabilities_24.html

Restart Required: Yes

Instructions:

1. Download Apache HTTP Server 2.4.60 or later from the official website.
2. Stop the Apache service.
3. Install the new version following your OS package manager or compilation instructions.
4. Restart the Apache service.

🔧 Temporary Workarounds

Review and secure RewriteRules (scope: all)

Audit all RewriteRules to ensure they don't allow arbitrary URL proxying through mod_proxy.

How: Review .htaccess files and Apache configuration for RewriteRule directives.

Disable mod_proxy if unused (scope: all)

Remove or comment out mod_proxy loading if not required for your configuration.

How: Comment out 'LoadModule proxy_module modules/mod_proxy.so' in httpd.conf.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit Apache server access to internal resources
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check Apache version and review RewriteRule configurations for unsafe patterns that could proxy requests.
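An added audit helper (example code, not from this page or the Apache project) that scans a constructed httpd.conf fragment and flags RewriteRule directives worth a manual look: those carrying the explicit [P] proxy flag and, as a heuristic assumption rather than a statement from the advisory, those whose substitution begins with a client-influenced backreference or variable.

```python
import re
from typing import List, Tuple

# Constructed sample configuration for illustration; not taken from any real server.
SAMPLE_CONF = """
RewriteEngine On
# Fixed-path substitution: target cannot be steered by the client
RewriteRule ^/old/(.*)$ /new/$1 [R=301,L]
# Explicit proxying: confirm the backend target is constrained
RewriteRule ^/api/(.*)$ http://backend.internal/$1 [P]
# Substitution begins with a client-controlled backreference
RewriteRule ^/go/(.*)$ $1 [L]
# Substitution begins with a request-derived variable
RewriteRule ^/fwd/(.*)$ %{HTTP:X-Target}/$1 [L]
"""

# RewriteRule <pattern> <substitution> [flags]
RULE_RE = re.compile(r'^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?', re.IGNORECASE)
# Heuristic (assumption): a substitution whose first segment is a backreference
# ($N or %N) or a variable (%{...}) is shaped by data the client can influence.
UNSAFE_PREFIX_RE = re.compile(r'^(\$\d|%\d|%\{)')


def audit_rewrite_rules(conf: str) -> List[Tuple[int, str, str]]:
    """Return (line number, directive, reason) for RewriteRules to review."""
    findings = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        m = RULE_RE.match(line)
        if not m:
            continue
        _pattern, subst, flags = m.groups()
        flag_list = [f.strip().upper() for f in (flags or "").split(",") if f.strip()]
        if "P" in flag_list:
            findings.append((lineno, line.strip(), "explicit proxy flag [P]"))
        elif UNSAFE_PREFIX_RE.match(subst):
            findings.append((lineno, line.strip(), "substitution starts with backreference/variable"))
    return findings


if __name__ == "__main__":
    for lineno, directive, reason in audit_rewrite_rules(SAMPLE_CONF):
        print(f"line {lineno}: {reason}: {directive}")
```

Point it at the real httpd.conf and every .htaccess in use; a hit is a prompt for review, not proof of exploitability.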

Check Version:

httpd -v (on Debian and Ubuntu packaged builds the binary is named apache2, so use apache2 -v)

Verify Fix Applied:

Confirm Apache version is 2.4.60 or later and test that RewriteRules no longer allow unauthorized proxying.

📡 Detection & Monitoring

Log Indicators:

  • Unusual proxy requests in access logs
  • Requests to internal IPs from external sources

Network Indicators:

  • Unexpected outbound connections from Apache server to internal systems

SIEM Query (pseudo-syntax; adapt field names and operators to your SIEM):

source="apache_access" AND (uri CONTAINS "proxy" OR dest_ip IN [internal_ranges])
