InfoSecBulletin Cybersecurity for mankind
The Apache Software Foundation has found multiple security issues in the widely used Apache HTTP Server. These vulnerabilities could lead to denial-of-service attacks, remote code execution, and unauthorized access, putting many websites at risk of cyberattacks.
CVE-2024-36387 to CVE-2024-39573 are vulnerabilities in Apache HTTP Server’s components like mod_proxy, mod_rewrite, and core functionalities. Some of the most serious issues are:
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE
CVE-2024-38472 (Important): Server-Side Request Forgery (SSRF) vulnerability on Windows systems, potentially leaking sensitive NTML hashes.
CVE-2024-38474 (Important): Code execution and source disclosure via encoded question marks in backreferences.
CVE-2024-38475 (Important): Unauthorized access to filesystem locations through improper escaping in mod_rewrite.
CVE-2024-38476 (Important): Information disclosure, SSRF, or local script execution via malicious backend application output.
These vulnerabilities could let attackers crash servers, bypass authentication, steal sensitive data, or take control of affected systems. Upgrade to Apache Software Foundation version 2.4.60 to fix reported vulnerabilities. Organizations that don’t update their software on time may suffer from website crashes, data leaks, and money losses.
Additionally, organizations should:
Check and adjust settings, especially for mod_proxy and mod_rewrite, to prevent issues. Keep an eye on logs for any unusual activity or unauthorized access attempts. Consider using a web application firewall (WAF) to filter out harmful traffic and reduce the risk of attacks.
