IBM Aspera Console Vulnerabilities: Apache HTTP Server RCE/DoS via mod_proxy/mod_rewrite (CVE-2024-38477, CVE-2021-38963)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability IDs: - CVE-2024-38477 - CVE-2021-38963 - CVE-2024-38475 - CVE-2024-38474 2. Vulnerability Descriptions: - CVE-2024-38477: Apache HTTP Server contains a denial-of-service vulnerability caused by a NULL pointer dereference in the mod_proxy module. Remote attackers can exploit this vulnerability by sending specially crafted requests, leading to a denial-of-service condition. - CVE-2021-38963: Apache HTTP Server contains a remote code execution vulnerability caused by CSV injection in the mod_proxy module. Remote attackers can exploit this vulnerability by tricking victims into opening a specially crafted file, allowing arbitrary code execution. - CVE-2024-38475: Apache HTTP Server has an improper URL rewriting output issue, allowing attackers to map URLs to locations in the file system that the server is configured to serve but are not intentionally directly accessible. This could lead to code execution or source code disclosure. - CVE-2024-38474: Apache HTTP Server contains a remote code execution vulnerability caused by replacement encoding issues in the mod_rewrite module. Remote attackers can exploit this vulnerability by sending specially crafted requests, enabling script execution. 3. Affected Products and Versions: - IBM Aspera Console 3.4.0 - 3.4.4 4. Remediation Recommendations: - Users are advised to upgrade to the latest version of IBM Aspera Console. 5. Reference Information: - IBM Secure Engineering Web Portal - IBM Product Security Incident Response Blog This information helps users understand the details of the vulnerabilities, affected products and versions, remediation steps, and relevant reference resources.

Goal Reached Thanks to every supporter — we hit 100%!

IBM Aspera Console Vulnerabilities: Apache HTTP Server RCE/DoS via mod_proxy/mod_rewrite (CVE-2024-38477, CVE-2021-38963)