CVE-2024-38475
Published Jul 1, 2024
Last updated 6 days ago
AI description
CVE-2024-38475 involves improper output escaping in the `mod_rewrite` module of the Apache HTTP Server, specifically in versions 2.4.59 and earlier. This flaw allows an attacker to map URLs to filesystem locations that the server is permitted to serve but are not intended to be directly accessible. This vulnerability can lead to code execution or source code disclosure. The issue arises when substitutions in the server context use backreferences or variables as the initial segment of the substitution. While the fix might break some existing RewriteRules, the "UnsafePrefixStat" flag can be used to revert to the previous behavior if the substitution is appropriately constrained.
- Description
- Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
- Source
- security@apache.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Apache HTTP Server Improper Escaping of Output Vulnerability
- Exploit added on
- May 1, 2025
- Exploit action due
- May 22, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security@apache.org
- CWE-116
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
🚨 CVE-2024-38475 in Apache HTTPD (mod_rewrite) allows unauth RCE & file read—now exploited in the wild in attacks on SonicWall SMA. 😬 Patch HTTPD to 2.4.60 ASAP and audit your infrastructure for products embedding Apache HTTPD! #Apache #SonicWall ➡️ https://t.co/F
@leonov_av
6 May 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 STRIKE Threat Intel Advisory – CVE-2024-38475 🚨 SecurityScorecard’s STRIKE team is tracking active exposure of CVE-2024-38475 — a high-severity vulnerability (CVSS 9.1) affecting Apache HTTP Servers. On May 1, 2025, this vulnerability was added to CISA’s list
@security_score
6 May 2025
159 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent: CISA confirms active exploitation of critical SonicWall SMA 100 flaws (CVE-2023-44221 & CVE-2024-38475). Patch now or restrict admin access—attackers are chaining these for full system compromise. Details: https://t.co/wH4g7CaLcj
@RedTeamNewsBlog
5 May 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38475
@transilienceai
5 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CISA has added two critical SonicWall vulnerabilities, CVE-2023-44221 and CVE-2024-38475, to the KEV catalog due to active exploitation. Remote OS command injection risks unauthorized control over these products. 🛡️ #SonicWall #CyberAlerts link: https://t.co/nhYbiHse66
@TweetThreatNews
5 May 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ機関CISAは、SonicWallの脆弱性CVE-2023-44221およびCVE-2024-38475を「既知の悪用脆弱性(KEV)」カタログに追加した。対象はSonicWallのSMA 100シリーズなどで、該当バージョン以降に更新されて
@yousukezan
5 May 2025
644 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
SonicWall VPNの脆弱性CVE-2023-44221及びCVE-2024-38475に対応するPoC(攻撃の概念実証コード)が公表された。 https://t.co/zC1IzEp0w2
@__kokumoto
5 May 2025
928 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2024-38475
@transilienceai
4 May 2025
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔥 Breaking News: Cyber attackers are exploiting old vulnerabilities to breach SonicWall SMA appliances! 🚨 With flaws like CVE-2024-38475 & CVE-2023-44221 being targeted, it's more crucial than ever to prioritize security updates.
@WideWatchers
4 May 2025
129 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) - Help Net Security https://t.co/H4mEt1FIyD
@PVynckier
4 May 2025
247 Impressions
3 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
یکی از ماژول های معروف و پرکاربرد وب سرور apache ، ماژول mod_rewrite می باشد. به تازگی CISA به تمامی Adminهای وب سرور آپاچی در خصوص آسیب پذیری که مربوط به این ماژول می با
@AmirHossein_sec
4 May 2025
167 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Active exploitation of SonicWall SMA 100 vulnerabilities (CVE-2024-38475, CVE-2023-44221) reported by watchTowr. Full system takeover possible. #CyberSecurity #SonicWall https://t.co/OBmtGYIdVa https://t.co/9c1ijmEQxs
@CyberHub_blog
4 May 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38475
@transilienceai
4 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA Flags Two New Actively Exploited Security Flaws: CVE-2024-38475 and CVE-2023-44221 https://t.co/RyWVDVY700
@CyberSecuriUS
4 May 2025
193 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall warns of two exploited vulnerabilities in SMA appliances, CVE-2023-44221 and CVE-2024-38475, advising customers to apply patches immediately. #Security https://t.co/TDEO2tnkHa
@Strivehawk
3 May 2025
164 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。 🛡️No.1328 CVE-2024-38475 Apache HTTP Server Improper Escaping of Output Vulnerability ============= CVSSスコア:9.1 (Base) / CISA-ADP CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
@piyokango
3 May 2025
4828 Impressions
5 Retweets
12 Likes
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38475
@transilienceai
3 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2024-38475 is now in the CISA KEV Catalog! This Apache HTTP Server vuln (≤2.4.59) lets attackers map URLs to unintended filesystem locations—risking code execution or source code exposure. KQL Detection: https://t.co/ydh6927aNF https://t.co/0mduJpWz7L
@0x534c
2 May 2025
433 Impressions
0 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
🗞️ SonicWall SMA Devices Under Attack: Critical Flaws Actively Exploited SonicWall confirms active exploitation of CVE-2023-44221 and CVE-2024-38475 in SMA100 devices, enabling file access and session hijacking. Admins are urged to patch immediately to prevent remote code h
@gossy_84
2 May 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Des attaques contre les SSL-VPN SonicWall SMA série 100 signalées ! SonicWall a mis à jour ses avis de sécurité pour CVE-2023-44221 et CVE-2024-38475 et la CISA a ajouté ces deux CVE à la base KEV, indiquant des exploitations actives. https://t.co/UV8hj1ol9u
@cert_ist
2 May 2025
86 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-38475 - critical 🚨 Sonicwall - Pre-Authentication Arbitrary File Read > Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier a... 👾 https://t.co/pAApk6hvtj @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
2 May 2025
16 Impressions
0 Retweets
1 Like
3 Bookmarks
0 Replies
0 Quotes
CISA updates its Known Exploited Vulnerabilities Catalog with CVE-2024-38475 in Apache HTTP Server and CVE-2023-44221 in SonicWall SMA100 devices. Urgent patches are essential to prevent unauthorized access! ⚠️🔒 #CVE2024 #CyberThreat link: https://t.co/6LzRYakOG4 https://
@TweetThreatNews
2 May 2025
82 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Attackers exploited old flaws to breach #SonicWall SMA appliances (#CVE-2024-38475, CVE-2023-44221) https://t.co/NRBg1XCzUK
@ScyScan
2 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38475
@transilienceai
2 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔥 UPDATE - A public PoC exploit is now available for a serious SonicWall SMA exploit chain. ➡️ CVE-2024-38475: Apache HTTP Server flaw used to bypass auth ➡️ CVE-2023-44221: Post-auth command injection via Diagnostics menu CISA has added both to the KEV catalog — f
@TheHackersNews
2 May 2025
12385 Impressions
36 Retweets
87 Likes
17 Bookmarks
2 Replies
1 Quote
Our client base has been feeding us rumours about in-the-wild exploited SonicWall SMA n-days (CVE-2023-44221, CVE-2024-38475) for a while... Given these are now CISA KEV, enjoy our now public analysis and reproduction :-) https://t.co/W3zR5YRifJ
@watchtowrcyber
1 May 2025
16630 Impressions
38 Retweets
104 Likes
27 Bookmarks
2 Replies
3 Quotes
⚠️NSOC Alert ⚠️CVE-2023-44221 (CVSS 7.2) & CVE-2024-38475 (CVSS 9.8) are actively exploited in SMA100 appliances, upgrade to firmware ≥ 10.2.1.14-75sv, restrict SSL-VPN management to trusted IPs, enforce MFA for admins, segment VPN gateways, and review access logs
@cirtgovjm
1 May 2025
154 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-38475 #Apache HTTP Server Improper Escaping of Output Vulnerability https://t.co/53XaTCveoq
@ScyScan
1 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall has reported that vulnerabilities CVE-2023-44221 and CVE-2024-38475 in its Secure Mobile Access (SMA) appliances are being actively exploited. https://t.co/G1uxQWef4V
@securityRSS
1 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️SonicWall VPN Flaws Under Active Attack SonicWall warns SMA100 bugs CVE-2023-44221 & CVE-2024-38475 are exploited in the wild—enabling RCE & session hijacking. Patch to 10.2.1.14-75sv ASAP. CVE-2021-20035 also being hit. https://t.co/WPUJYfAETp #CyberSecurity
@dCypherIO
1 May 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall warns several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited. SonicWall updated advisories for the CVE-2023-44221 and CVE-2024-38475 flaws as "potentially being exploited in the wild. https://t.co/h4pBYZjxJj https://
@riskigy
1 May 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two new KEVs on KEVIntel this morning - CVE-2024-38475 (Apache Software Foundation) - CVE-2023-44221 (SonicWall) https://t.co/W3lvSheb1i
@ethicalhack3r
1 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
SonicWall reports active exploitation of vulnerabilities CVE-2023-44221 and CVE-2024-38475 in SMA100 appliances, risking command injection and unauthorized file access. Immediate system updates needed. 🚨 #SonicWall #NetworkSecurity #USA link: https://t.co/J5E82aAaP6 https://t
@TweetThreatNews
1 May 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
SonicWall Confirms Active Exploitation of SMA 100 Vulnerabilities - Urges Immediate Patching SonicWall warns of active attacks on SMA 100 devices via CVE-2023-44221 and CVE-2024-38475. Users urged to update firmware immediately. https://t.co/uFte5hi0UP
@the_yellow_fall
1 May 2025
216 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall warns of actively exploited vulnerabilities in its Secure Mobile Access appliances. Advisories for CVE-2023-44221 and CVE-2024-38475 were updated, affecting several devices patched in firmware 10.2.1.14-75sv. #Security https://t.co/wwJ4MNmZbX
@Strivehawk
30 Apr 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SonicWall warns of high-severity vulnerabilities in SMA100 VPNs now being exploited! CVE-2023-44221 enables command injection, while CVE-2024-38475 allows remote code execution. #SonicWall #VulnerabilityAlert #USA link: https://t.co/KJnh0UEHV1 https://t.co/e1WXY5JPPa
@TweetThreatNews
30 Apr 2025
14 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Akhir tahun kita closingan dengan BloodHound dan httpX karna PoC buat CVE udah banyak banget, tenkyu gxc dan kawan-kawan. > CVE-2024-38472 > CVE-2024-39573 > CVE-2024-38477 > CVE-2024-38476 > CVE-2024-38475 > CVE-2024-38474 > CVE-2024-38473 > CVE-2023-387
@byt3n33dl3
31 Dec 2024
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
mrmtwoj/apache-vulnerability-testing: Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 https://t.co/1vHVQPeJmm
@Alra3ees
30 Dec 2024
4962 Impressions
33 Retweets
132 Likes
111 Bookmarks
1 Reply
0 Quotes
GitHub - mrmtwoj/apache-vulnerability-testing: Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 https://t.co/wxO2nxclqJ
@akaclandestine
14 Dec 2024
2095 Impressions
16 Retweets
48 Likes
27 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13126636-FD76-4E3E-B949-14A5082DE02A",
"versionEndExcluding": "2.4.60",
"versionStartIncluding": "2.4.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD886814-B4A0-4764-9F08-2060601D8E89"
}
],
"operator": "OR"
}
]
}
]