Back to search
CVE-2024-43204
Published: Jul 10, 2025
Modified: Nov 4, 2025
PUBLISHED
Description
SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request. Users are recommended to upgrade to version 2.4.64 which fixes this issue.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache HTTP Server | affected 2.4.0 - <= 2.4.63 |
Weaknesses (CWE)
References
https://httpd.apache.org/security/vulnerabilities_24.html
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now