vulnerability
Apache HTTPD: Apache HTTP Server: SSRF with mod_headers setting Content-Type header (CVE-2024-43204)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Jul 10, 2025 | Jul 18, 2025 | Nov 6, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Jul 10, 2025
Added
Jul 18, 2025
Modified
Nov 6, 2025
Description
SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.
Users are recommended to upgrade to version 2.4.64 which fixes this issue.
Users are recommended to upgrade to version 2.4.64 which fixes this issue.
Solution
apache-httpd-upgrade-latest
References
- URL-http://www.openwall.com/lists/oss-security/2025/07/10/2
- URL-http://www.openwall.com/lists/oss-security/2025/07/10/4
- URL-https://httpd.apache.org/security/vulnerabilities_24.html
- URL-https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html
- CVE-2024-43204
- https://attackerkb.com/topics/CVE-2024-43204
- CWE-918
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.