FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache httpd -- Source code disclosure with handlers configured via AddType

Affected packages
2.4.60 <= apache24 < 2.4.62

Details

VuXML ID 088b8b7d-446c-11ef-b611-84a93843eb75
Discovery 2024-07-17
Entry 2024-07-17

The Apache httpd project reports:

source code disclosure with handlers configured via AddType (CVE-2024-40725) (Important): A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

[source]

References

CVE Name CVE-2024-40725
URL https://httpd.apache.org/security/vulnerabilities_24.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.