Apache HTTP Server mod_proxy SSRF Vulnerability via Content-Type Header Modification

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Apache HTTP Server versions 2.4.0 through 2.4.63, when the mod_proxy module is enabled. This vulnerability allows an attacker to send outbound proxy requests to a URL of their choosing, but it requires a specific and unlikely configuration. The mod_headers module must be set to alter the Content-Type request or response header based on a value provided in the HTTP request. Exploitation of this vulnerability could lead to unauthorized access to internal resources or services.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery (SSRF) attacks, where an attacker can send requests from the server to an external or internal resource of their choice. This could potentially be used to access sensitive information or services that are not normally exposed to the public.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.64 or later, which addresses this vulnerability.
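
To triage exposure before the upgrade is rolled out, the two conditions the advisory names (a version in the 2.4.0 to 2.4.63 range, and mod_headers writing Content-Type from a dynamic value) can be checked mechanically. The following Python sketch is an added example, not part of the original advisory or of the Apache project; the sample configuration and the variable name CT are constructed, and the '%{' match is a heuristic that marks directives for manual review rather than proving exploitability.

```python
import re

# Affected range stated in the advisory: 2.4.0 through 2.4.63.
AFFECTED_MIN, AFFECTED_MAX = (2, 4, 0), (2, 4, 63)

# mod_headers directives that write the Content-Type header.
DIRECTIVE = re.compile(
    r'^\s*(?:Header|RequestHeader)\s+(?:(?:always|onsuccess)\s+)?'
    r'(?:set|setifempty|add|append|merge|edit\*?)\s+"?Content-Type"?\s+(.+)$',
    re.IGNORECASE)

def version_affected(banner):
    """True/False for a banner like 'Apache/2.4.58 (Unix)'; None if unparsable."""
    m = re.search(r'Apache/(\d+)\.(\d+)\.(\d+)', banner)
    if not m:
        return None
    return AFFECTED_MIN <= tuple(map(int, m.groups())) <= AFFECTED_MAX

def risky_directives(config_text):
    """Return [(line_no, directive)] for Content-Type writes with a dynamic value.

    Heuristic: '%{' marks a mod_headers format specifier or an ap_expr
    variable, so the value may come from the request. A '%{' in a trailing
    expr= condition also matches; every hit needs manual review.
    """
    hits = []
    for no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue  # whole-line comment
        m = DIRECTIVE.match(line)
        if m and '%{' in m.group(1):
            hits.append((no, line.strip()))
    return hits

# Constructed sample configuration (CT is a hypothetical environment variable).
SAMPLE_CONF = '''\
LoadModule headers_module modules/mod_headers.so
# RequestHeader set Content-Type "%{CT}e"
Header set Content-Type "text/html; charset=utf-8"
RequestHeader set Content-Type "%{CT}e"
Header always set Content-Type "expr=%{req:X-Type}"
Header always set X-Frame-Options "DENY"
'''

if __name__ == '__main__':
    print('version in affected range:', version_affected('Apache/2.4.58 (Unix)'))
    for no, directive in risky_directives(SAMPLE_CONF):
        print(f'line {no}: review {directive}')
```

The script does not check whether mod_proxy is loaded, which the advisory lists as a precondition; confirm that separately from the server's loaded-module list.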

Added: Jul 10, 2025, 5:48 PM
Updated: Jul 10, 2025, 5:48 PM

Vulnerability Rating

Custom Algorithm

spread: 9.4
impact: 0.0
exploitability: 7.6
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.