Loading…

Cookies and privacy

We use strictly necessary cookies to run the site. With your permission we also load Vercel Web Analytics and Speed Insights to measure traffic and performance in aggregate. See our Cookie Policy and Privacy Policy.

CVE-2024-38475: Apache HTTP Server Improper Escaping of Output Vulnerability · Scorifya

CVE detail

CVE-2024-38475: Apache HTTP Server Improper Escaping of Output Vulnerability

Source: CISA Known Exploited Vulnerabilities catalog · back to feed

Vendor / product

Apache · HTTP Server

Date added (KEV): May 01, 2025
CISA due date: May 22, 2025
Ransomware campaign use: Unknown

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vendor fix: Vendor advisory

Scorifya interpretation

AI-generated

A short, structured read of the record above — generated when this page first loads, then cached for a week.

Plain English

Technical detail

From CISA

Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://httpd.apache.org/security/vulnerabilities_24.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-38475

References

https://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory
https://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory
https://github.com/apache/httpd/commit/9a6157d1e2f7ab15963020381054b48782bc18cfPatch
https://security.netapp.com/advisory/ntap-20240712-0001/Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/01/8Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018

Other recent CVEs from Apache

CVE-2026-34197ActiveMQ — Apache ActiveMQ Improper Input Validation Vulnerability
CVE-2025-24813Tomcat — Apache Tomcat Path Equivalence Vulnerability
CVE-2024-45195OFBiz — Apache OFBiz Forced Browsing Vulnerability
CVE-2024-27348HugeGraph-Server — Apache HugeGraph-Server Improper Access Control Vulnerability
CVE-2024-38856OFBiz — Apache OFBiz Incorrect Authorization Vulnerability

Check your domain's public posture

Scorifya doesn't test for specific CVEs, but if patching Apache changed your headers or TLS, a fresh hardening scan helps confirm nothing regressed externally.

Run a free scan Methodology