CVE-2024-43204

Severity CVSS v4.0:

Pending analysis

Type:

CWE-918 Server-Side Request Forgery (SSRF)

Publication date:

10/07/2025

Last modified:

10/07/2025

Description

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.<br /> <br /> Users are recommended to upgrade to version 2.4.64 which fixes this issue.

Impact

References to Advisories, Solutions, and Tools

https://httpd.apache.org/security/vulnerabilities_24.html