Main Vulnerability Database SB2025081488

SB2025081488 - Ubuntu update for apache2

Published: August 14, 2025

Security Bulletin ID SB2025081488

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2024-38474)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in mod_rewrite when parsing encoded question marks in backreferences. A remote attacker can execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-6885-6