发布时间: 2024年9月6日
修改时间: 2024年10月7日
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Network | Network |
| CVSS评分 | 9.8 | 9.8 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3861 | httpd security update | 2025年2月6日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | httpd | Fixed |
| KY3.5.2 | httpd | Fixed |
| KY3.5.3 | httpd | Fixed |
| V6 | httpd | Fixed |
