Vulnerability CVE-2024-39884: Information

Description

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue.

Published: July 4, 2024
Modified: July 12, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.61-alt12.4.61-alt1ALT-PU-2024-9736-1352421Fixed
apache2sisyphus_riscv642.4.61-alt12.4.61-alt1ALT-PU-2024-9756-1-Fixed
apache2sisyphus_loongarch642.4.61-alt12.4.61-alt1ALT-PU-2024-9761-1-Fixed
apache2p112.4.61-alt12.4.59-alt1ALT-PU-2024-9738-1352426Testing

References to Advisories, Solutions, and Tools