ГлавнаяУязвимости → CVE-2024-43204
7.5высокая

CVE-2024-43204

→ есть в БДУ: BDU:2025-08957 (на русском)
Описание (на английском; русское — в БДУ выше)

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.  Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request. Users are recommended to upgrade to version 2.4.64 which fixes this issue.

Затрагиваемое ПО
Apache Http server
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Источники
https://httpd.apache.org/security/vulnerabilities_24.htmlhttp://www.openwall.com/lists/oss-security/2025/07/10/2http://www.openwall.com/lists/oss-security/2025/07/10/4https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html