A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LApache HTTP Server
APPApache2.4.64
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2024-38475CRITICAL9.1⚠ KEVPL ✓ten sam produkt
Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie
CVE-2021-42013CRITICAL9.8⚠ KEVten sam produkt
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could ...
CVE-2021-41773CRITICAL9.8⚠ KEVten sam produkt
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a ...
CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
CVE-2026-29167CRITICAL9.8PL ✓ten sam produkt
Use-after-free w Apache HTTP Server z mod_ldap (CVE-2026-29167)