CVE-2024-38475CISA KEV: Actively Exploited

Apache HTTP Server Improper Escaping of Output Vulnerability

Published May 1, 2025·Updated May 1, 2025

Description

Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.

Public Exploits & PoCs3 found

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free