These vulnerabilities in Apache HTTP Server enable HTTP Request Smuggling and SSL Authentication Bypass, posing severe threats to organizations worldwide

PoC exploit codes are available for both vulnerabilities


News By Efosa Udinmwen published 7 October 2024


Apache's HTTP Server is a critical component for hosting web applications worldwide. Recently, two significant vulnerabilities, CVE-2024-40725 and CVE-2024-40898, have surfaced, raising alarms across industries.

These vulnerabilities present a severe risk to organizations that rely on Apache HTTP Server, especially systems running versions 2.4.0 through 2.4.61. More than 7.6 million instances are exposed to potential attacks, experts have said.

According to a recent report from CYFIRMA, while CVE-2024-40725 affects the mod_proxy module of the Apache HTTP Server, CVE-2024-40898 targets the mod_ssl module.

HTTP request smuggling & SSL authentication bypass

HTTP Request Smuggling attacks see an attacker send multiple crafted HTTP requests, which the server misinterprets due to its flawed handling of HTTP headers. The attacker exploits this misinterpretation to bypass security checks. In the case of CVE-2024-40725, the ProxyPass directive, when misconfigured, can make the server vulnerable to this type of attack.

When the ProxyPass directive is enabled with specific URL rewrite rules, it can lead to HTTP Request Smuggling attacks. Attackers can exploit this vulnerability to gain unauthorized access to restricted parts of the server, disclose sensitive information, or hijack active user sessions.

The CVE-2024-40898 vulnerability stems from improper SSL client authentication verification. If SSLVerifyClient is not configured correctly, attackers can bypass the SSL authentication mechanism. This allows them to access sensitive systems without requiring a valid client certificate, thereby compromising the security posture of affected organizations.

The existence of PoC exploit codes for both vulnerabilities makes it easier for attackers to target organizations that have not yet applied the necessary patches or updated their configurations. These tools allow attackers to send specially crafted SSL requests to affected servers, which can lead to unauthorized access.
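For defenders triaging their own servers, the sketch below is an added example, not code from the article or from CYFIRMA. It checks a version banner against the 2.4.0 through 2.4.61 range quoted above and lists where the ProxyPass, RewriteRule and SSLVerifyClient directives appear in a config file. The function names, the sample banner and config, and the rule that any SSLVerifyClient value other than `require` deserves review are assumptions made for illustration.

```python
import re

AFFECTED_MIN, AFFECTED_MAX = (2, 4, 0), (2, 4, 61)  # range stated in the article

def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` output or a Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def in_affected_range(banner):
    """True when the banner names an Apache version inside the quoted range."""
    v = parse_version(banner)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX

def audit_config(text):
    """Return (finding, line numbers) pairs for the directives the article names."""
    seen = {"proxypass": [], "rewriterule": [], "sslverifyclient": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        parts = line.split(None, 1)
        name = parts[0].lower()  # Apache directive names are case-insensitive
        if name in seen:
            seen[name].append((lineno, parts[1] if len(parts) > 1 else ""))
    findings = []
    # The article ties CVE-2024-40725 to ProxyPass used together with rewrite rules.
    if seen["proxypass"] and seen["rewriterule"]:
        lines = [n for n, _ in seen["proxypass"] + seen["rewriterule"]]
        findings.append(("proxy+rewrite", sorted(lines)))
    # Assumption: any SSLVerifyClient value other than "require" needs review.
    weak = [n for n, arg in seen["sslverifyclient"]
            if arg.lower().split()[:1] != ["require"]]
    if weak:
        findings.append(("sslverifyclient-not-require", weak))
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE_BANNER = "Server version: Apache/2.4.58 (Unix)"
SAMPLE_CONF = """\
# constructed example vhost
RewriteEngine On
RewriteRule ^/app/(.*)$ /backend/$1 [P]
ProxyPass /backend/ http://127.0.0.1:8080/
SSLVerifyClient optional
"""

if __name__ == "__main__":
    print("in affected range:", in_affected_range(SAMPLE_BANNER))
    for finding in audit_config(SAMPLE_CONF):
        print(finding)
```

Distribution packages often backport fixes without changing the upstream version number, so treat a version match as a prompt to check the vendor advisory, not as proof of exposure.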
