CVE-2024-43204

State: PUBLISHED · Published: 2025-07-10 · Updated: 2025-11-04 · Assigner: apache

Description

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request. Users are recommended to upgrade to version 2.4.64 which fixes this issue.

CWE

CWE-918 — CWE-918 Server-Side Request Forgery (SSRF)

Affected

Apache Software Foundation / Apache HTTP Server — v=2.4.0 ≤2.4.63 [affected]

CVSS

(none)

References

https://httpd.apache.org/security/vulnerabilities_24.html vendor-advisory

Source

cvelistV5-main/cves/2024/43xxx/CVE-2024-43204.json