Unrated severityNVD Advisory· Published Jul 10, 2025· Updated Nov 4, 2025

Apache HTTP Server: SSRF with mod_headers setting Content-Type header

CVE-2024-43204

Description

SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.

Users are recommended to upgrade to version 2.4.64 which fixes this issue.

Affected products

Apache/HTTP Serverllm-fuzzy
Range: <2.4.64
Apache Software Foundation/Apache HTTP Serverv5
Range: 2.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

httpd.apache.org/security/vulnerabilities_24.htmlmitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000