FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache httpd -- source code disclosure

Affected packages
2.4.60 <= apache24 < 2.4.61

Details

VuXML ID 5d921a8c-3a43-11ef-b611-84a93843eb75
Discovery 2024-07-04
Entry 2024-07-04

The Apache httpd project reports:

isource code disclosure with handlers configured via AddType (CVE-2024-39884) (Important). A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

References

CVE Name CVE-2024-39884
URL https://httpd.apache.org/security/vulnerabilities_24.html