Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Apache HTTP Server Confusion Attacks - Vulnerability Database

Apache HTTP Server Confusion Attacks

Description

Apache HTTP Server contains multiple vulnerabilities collectively known as "Confusion Attacks" that exploit inconsistencies in how different server modules interpret and process requests. These attacks leverage semantic ambiguities in three critical areas: filename interpretation (Filename Confusion), document root resolution (DocumentRoot Confusion), and request handler selection (Handler Confusion). When exploited, these inconsistencies allow attackers to bypass security controls by causing different modules to process the same request in conflicting ways.

Remediation

Immediately update Apache HTTP Server to version 2.4.60 or later, which addresses all related CVEs (CVE-2024-38472 through CVE-2024-38477, CVE-2023-38709). Review all mod_rewrite rules and eliminate or strictly validate any user-controllable input in RewriteRule directives:

# Avoid patterns like:
RewriteRule ^/(.*)$ /$1 [PT]

# Instead, use explicit whitelisting:
RewriteRule ^/(allowed|paths|only)/(.*)$ /$1/$2 [PT]

Disable the FollowSymLinks option in directory configurations unless absolutely required, and use SymLinksIfOwnerMatch as a safer alternative. Implement strict directory access controls using Require directives:

<Directory /var/www/html>
    Options -FollowSymLinks -Indexes
    Require all granted
</Directory>

<Directory /var/www/html/admin>
    Require ip 10.0.0.0/8
</Directory>

Conduct a comprehensive audit of all loaded modules and disable any unnecessary ones. Test all configuration changes in a staging environment before deploying to production, and monitor server logs for suspicious access patterns following the update.

References

[EN] Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
Apache HTTP Server 2.4 vulnerabilities

Related Vulnerabilities

CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability High
Common tags: Known Vulnerabilities
silverstripeCMS Improper Authentication Vulnerability (CVE-2020-26136) Medium
Common tags: Known Vulnerabilities
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25814) Medium
Common tags: Known Vulnerabilities
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25815) Medium
Common tags: Known Vulnerabilities
silverstripeCMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-25817) Medium
Common tags: Known Vulnerabilities

Severity

High

Classification

CVE-2024-38472
CVE-2024-39573
CVE-2024-38477
CVE-2024-38476
CVE-2024-38475
CVE-2024-38474
CVE-2024-38473
CVE-2023-38709
CWE-436
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Known Vulnerabilities