🔴 CVE-2024-38475

CVE-2024-38475 is a critical vulnerability in Apache HTTP Server's mod_rewrite module that allows remote attackers to map URLs to unintended filesystem locations, leading to code execution or source code disclosure. This vulnerability affects one of the world's most widely deployed web servers and has been added to CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

← Back to Overview
HIGH_RISK
Risk Level
9.1
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
VERY_HIGH
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-07-01

Added to CISA KEV: 2025-05-01 304 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-38475 is a critical vulnerability in the Apache HTTP Server that allows for unauthorized access to filesystem locations, potentially leading to source code disclosure or arbitrary code execution [1] [4].

Key Details of CVE-2024-38475
FeatureDescription
Vulnerability TypeImproper escaping of output in `mod_rewrite` [1]
Affected VersionsApache HTTP Server 2.4.59 and earlier [1]
CVSS Score9.1 (Critical) [3]
Attack VectorNetwork (Remote) [4]
User InteractionNone required [4]
Exploitation and Impact
  • Attack Method: An attacker can send specially crafted HTTP requests to exploit the improper escaping in `mod_rewrite`. This allows the attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intended to be directly reachable via a URL [1].
  • Impact: Successful exploitation can result in the disclosure of sensitive source code or, in certain configurations, arbitrary code execution [1].
  • Active Exploitation: This vulnerability has been added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog, confirming that it has been exploited in the wild [3].
Mitigation and Patch Status
  • Patching: Users should upgrade to a version of Apache HTTP Server that addresses this vulnerability (typically versions 2.4.60 or later).
  • Configuration: The vulnerability specifically affects substitutions in the server context that use backreferences or variables as the first segment of the substitution [2]. If upgrading is not immediately possible, administrators can use the `UnsafePrefixStat` rewrite flag to constrain substitutions, though this is a temporary measure and patching is strongly recommended [2].

Sources

  1. NVD - CVE-2024-38475

    CVE-2024-38475 Detail Description Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execut…

  2. CVE-2024-38475 - Vulnerability Details - OpenCVE

    Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately const…

  3. Apache HTTP Server Improper Escaping of Output Vulnerability ...

    CVE-2024-38475 is a vulnerability affecting Apache HTTP Servers with a CVSS score of 9.1. By sending specially crafted HTTP requests, this flaw allows remote ...

  4. CVE-2024-38475 - Exploits & Severity - Feedly

    The vulnerability CVE-2024-38475 in Apache HTTP Server's mod_rewrite allows an attacker to exploit weaknesses in the substitution matching filesystem paths, potentially leading to unauthorized access or other malicious activities. ... CVEs. CVE-2024-38475. Proof of exploitExploited in the wild.This…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed