Wind River Support Network

HomeDefectsLIN1022-9997
Fixed

LIN1022-9997 : Security Advisory - apache2 - CVE-2024-40725

Created: Jul 17, 2024    Updated: Dec 18, 2024
Resolved Date: Dec 18, 2024
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

Users are recommended to upgrade to version 2.4.62, which fixes this issue.

https://nvd.nist.gov/vuln/detail/CVE-2024-40725

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube