CVE-2024-39573

CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-20 · Input validation

Published July 1, 2024

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Key dates

Disclosure timeline

July 1, 2024 CVE published

November 3, 2025 Record updated