vulnerability
Amazon Linux 2023: CVE-2024-43204: Important priority package update for httpd
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Jul 14, 2025 | Aug 5, 2025 | Aug 5, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Jul 14, 2025
Added
Aug 5, 2025
Modified
Aug 5, 2025
Description
SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.
Users are recommended to upgrade to version 2.4.64 which fixes this issue.
A Server-side request forgery (SSRF) vulnerability exists in Apache httpd when the server has mod_proxy loaded and is configured with mod_headers to modify the Content-Type header in the HTTP request or response using a value supplied by the user. Under this configuration, this flaw allows an attacker to craft specially crafted requests to manipulate the Content-Type header and trigger outbound requests to arbitrary attacker-controlled URLs via proxy. The vulnerability stems from inadequate input validation and unsafe header manipulation, ultimately allowing an attacker to influence server-side network behavior.
Users are recommended to upgrade to version 2.4.64 which fixes this issue.
A Server-side request forgery (SSRF) vulnerability exists in Apache httpd when the server has mod_proxy loaded and is configured with mod_headers to modify the Content-Type header in the HTTP request or response using a value supplied by the user. Under this configuration, this flaw allows an attacker to craft specially crafted requests to manipulate the Content-Type header and trigger outbound requests to arbitrary attacker-controlled URLs via proxy. The vulnerability stems from inadequate input validation and unsafe header manipulation, ultimately allowing an attacker to influence server-side network behavior.
Solutions
amazon-linux-2023-upgrade-httpdamazon-linux-2023-upgrade-httpd-coreamazon-linux-2023-upgrade-httpd-core-debuginfoamazon-linux-2023-upgrade-httpd-debuginfoamazon-linux-2023-upgrade-httpd-debugsourceamazon-linux-2023-upgrade-httpd-develamazon-linux-2023-upgrade-httpd-filesystemamazon-linux-2023-upgrade-httpd-manualamazon-linux-2023-upgrade-httpd-toolsamazon-linux-2023-upgrade-httpd-tools-debuginfoamazon-linux-2023-upgrade-mod-ldapamazon-linux-2023-upgrade-mod-ldap-debuginfoamazon-linux-2023-upgrade-mod-luaamazon-linux-2023-upgrade-mod-lua-debuginfoamazon-linux-2023-upgrade-mod-proxy-htmlamazon-linux-2023-upgrade-mod-proxy-html-debuginfoamazon-linux-2023-upgrade-mod-sessionamazon-linux-2023-upgrade-mod-session-debuginfoamazon-linux-2023-upgrade-mod-sslamazon-linux-2023-upgrade-mod-ssl-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.