Main Vulnerability Database SB2024102405

SB2024102405 - IBM Datapower Operations Dashboard update for Apache HTTP Server

Published: October 24, 2024

Security Bulletin ID SB2024102405

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2024-38474)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in mod_rewrite when parsing encoded question marks in backreferences. A remote attacker can execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7173895