IBM HTTP Server: CVE-2024-38475: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by improper escaping of output in mod_rewrite
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:P/A:N) | Jul 29, 2024 | Nov 20, 2025 | Nov 20, 2025 |
Description
Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by improper escaping of output in mod_rewrite. By sending a specially crafted request, an attacker could exploit this vulnerability to map URLs to filesystem locations that the server is permitted to serve but that are not intentionally or directly reachable by any URL, resulting in code execution.
Solutions
- ibm-http_server-apply-interim-fix-ph61893-for-9_0
- ibm-http_server-apply-interim-fix-ph61893-for-8_5
- ibm-http_server-apply-fix-pack-9_0_5_21
- ibm-http_server-apply-fix-pack-8_5_5_27