09 December 2024
IBM i Security Alert: 4 vulnerabilities in the IBM HTTP Server! (09/12/2024)

📢 IBM has issued a new security bulletin concerning the IBM HTTP Server (powered by Apache).
💡 Why is this important?
The server is affected by four vulnerabilities that let a remote attacker disclose sensitive information (including source code), bypass authentication and access restrictions, and forge server-side requests (SSRF).


🔎 Vulnerability details

📂 CVE-2024-39884 – Source code disclosure through legacy content-type based handler configuration
🔹 Impact: A regression in the Apache HTTP Server core (introduced upstream in 2.4.61) causes some legacy, content-type based handler configuration to be ignored.
🔹 Consequence: Where handlers are mapped with AddType (or similar directives) and files are requested indirectly, a remote attacker can obtain the source code of local files, for example a PHP script served as text instead of being interpreted.
🔹 CVSS score: 5.9 / 10
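As an added illustration (not taken from the IBM bulletin), the two ways of wiring a PHP handler in Apache HTTP Server. The first is the legacy, content-type based mapping that the upstream advisory names; the second sets the handler explicitly by file name, the form the PHP documentation recommends, which does not go through the content-type lookup the regression broke. The handler name is an assumption for mod_php; it is shown as context for the advisory, not as a substitute for the PTF:

```apache
# Legacy, content-type based handler mapping (the "AddType" configuration
# named in the upstream advisory for CVE-2024-39884). On an affected build,
# a file reached indirectly can be served as plain text instead of being
# handed to the PHP handler.
AddType application/x-httpd-php .php

# Explicit handler mapping. The handler is chosen by file name, not by
# content type, so it does not depend on the legacy lookup. The handler
# name (application/x-httpd-php, i.e. mod_php) is an assumption: use
# whatever your PHP integration registers, e.g. a "proxy:fcgi://..." target
# when PHP runs under PHP-FPM.
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
```

Whichever form is in use, the fix is still the PTF; the explicit form only removes the configuration pattern the advisory singles out.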

🔓 CVE-2024-38476 – Unsafe handling of backend response headers
🔹 Impact: The server core does not safely handle response headers returned by backend applications; a backend whose headers are malicious or attacker-influenced can steer how the server processes the response.
🔹 Consequence: An attacker can obtain sensitive information, forge server-side requests (SSRF) or trigger local script execution.
🔹 CVSS score: 5.9 / 10

⚠️ CVE-2024-39573 – Server-side request forgery (SSRF) via mod_rewrite
🔹 Impact: Unsafe RewriteRule configurations can be made to produce a substitution that is unexpectedly handed to mod_proxy.
🔹 Consequence: An attacker can use such a rule to make the server issue requests to backends or hosts it was never meant to reach.
🔹 CVSS score: 7.5 / 10

🚨 CVE-2024-38473 – Bypassing access restrictions via mod_proxy
🔹 Impact: An encoding problem in mod_proxy allows request URLs with incorrect encoding to be forwarded to backend services.
🔹 Consequence: A crafted request can bypass authentication and access restrictions on the backend and reach protected resources.
🔹 CVSS score: 8.1 / 10


🛠️ How to correct these flaws?

✔️ Apply the PTF IBM lists for your release of IBM HTTP Server for i (see the official bulletin).
✔️ Keep the HTTP server at the current fix level so that later Apache patches, which IBM delivers as PTFs, are picked up as they are released.
✔️ Until the PTF is applied, reduce exposure: review RewriteRule and ProxyPass configuration for substitutions built from user-controlled values, and front the server with filtering (for example a WAF) that rejects malformed or unusually encoded request URLs.
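To turn the bulletin into a quick check, here is an added example (not from the IBM bulletin or from IBM) that maps an Apache HTTP Server version to the four CVEs above. The fixed versions are the upstream Apache httpd ones; IBM HTTP Server for i receives these fixes as PTFs and may hide its version, so on IBM i the PTF level named in the bulletin, not this table, is the authoritative check. The sample headers at the bottom are constructed, not captured from a real system:

```python
"""Map an Apache HTTP Server version to the CVEs in this bulletin.

Added example, not IBM's or Apache's code. Fixed versions are the upstream
Apache httpd ones (2.4 vulnerability list); IBM i delivers them as PTFs.
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# (CVE, first affected upstream version or None for "2.4.59 and earlier",
#  first fixed upstream version)
CVE_TABLE = [
    ("CVE-2024-38473", None, (2, 4, 60)),
    ("CVE-2024-38476", None, (2, 4, 60)),
    ("CVE-2024-39573", None, (2, 4, 60)),
    ("CVE-2024-39884", (2, 4, 61), (2, 4, 62)),  # regression introduced in 2.4.61
]

_VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def parse_version(server_header: str) -> Optional[Version]:
    """Extract the version from a Server: header value.

    Returns None when the version is hidden (ServerTokens Prod yields a bare
    "Apache"); the version must then be read on the host itself.
    """
    m = _VERSION_RE.search(server_header)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def affected_cves(version: Version) -> List[str]:
    """Return the CVEs from this bulletin that apply to an upstream version."""
    hits = []
    for cve, first_affected, first_fixed in CVE_TABLE:
        if version >= first_fixed:
            continue  # already carries the fix
        if first_affected is not None and version < first_affected:
            continue  # predates the regression
        hits.append(cve)
    return hits


def assess(server_header: str) -> dict:
    """One-shot assessment of a Server: header value."""
    version = parse_version(server_header)
    if version is None:
        return {"version": None, "cves": [],
                "note": "version hidden; check the PTF level on the host"}
    return {"version": version, "cves": affected_cves(version), "note": ""}


if __name__ == "__main__":
    # Constructed sample Server: header values, not captured from any system.
    for hdr in ["Apache/2.4.59 (Unix)", "Apache/2.4.61 (Unix)",
                "Apache/2.4.62 (Unix)", "Apache"]:
        print(hdr, "->", assess(hdr))
```

The bare "Apache" case is the common one on hardened hosts: the script deliberately reports nothing rather than guessing, because a missing version is not evidence of a patched server.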

📌 Official source: 🔗 IBM security bulletin

⚡ Act now to secure your IT environment with STR-iCT!


🔐 Keep up to date with the latest cybersecurity alerts! 🚀
