⚠ Actively exploited
Added to CISA KEV on 2025-05-01. Federal agencies required to patch by 2025-05-22. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2024-38475: Improper Encoding or Escaping of Output in Apache HTTP Server

Severity: 9.1 CRITICAL (NVD)
EPSS: 93.9% (top 0.13%)
CISA KEV: added 2025-05-01, due 2025-05-22
Exploit: PoC available (public exploit / PoC exists)

Timeline
Published: Jul 1
KEV added: May 1
KEV due: May 22
Latest update: Jul 21

Description

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreference or variable as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change and the rewrite flag "

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (Exploitability: 3.9 | Impact: 5.2)

Affected Packages (7 packages)

Source | Package                     | Affected versions
NVD    | apache/http_server          | >= 2.4.0, < 2.4.60
NVD    | sonicwall/sma_200_firmware  | < 10.2.1.14-75sv
NVD    | sonicwall/sma_210_firmware  | < 10.2.1.14-75sv
NVD    | sonicwall/sma_400_firmware  | < 10.2.1.14-75sv

Patches

🔴 Vulnerability Details (7)

OSV: apache2 vulnerabilities (2025-07-21)
OSV: apache2 vulnerabilities (2024-09-18)
GHSA: GHSA-pf44-j75v-mhr8: Improper escaping of output in mod_rewrite in Apache HTTP Server 2 (2024-07-01)
OSV: CVE-2024-38475: Improper escaping of output in mod_rewrite in Apache HTTP Server 2 (2024-07-01)

💥 Exploits & PoCs (1)

Nuclei: Sonicwall - Pre-Authentication Arbitrary File Read

📋 Vendor Advisories (7)

Ubuntu: Apache HTTP Server vulnerabilities (2025-07-21)
CISA: Apache HTTP Server Improper Escaping of Output Vulnerability (2025-05-01)
Oracle: Oracle Communications Risk Matrix: Platform (Apache HTTP Server) — CVE-2024-38475 (2025-01-15)
Ubuntu: Apache HTTP Server vulnerabilities (2024-09-18)
Ubuntu: Apache HTTP Server vulnerabilities (2024-07-08)

🕵️ Threat Intelligence (1)

Bleepingcomputer: SonicWall warns of more VPN flaws exploited in attacks (2025-04-30)

📄 Research Papers (1)

CTF: Web / Apache (CultureNight2025)

💬 Community (1)

HackerOne: important: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (CVE-2024-38475) (2024-07-13)
CVE-2024-38475 — Apache Http Server vulnerability | cvebase