CVE-2024-51980 – Apache HTTP Server SSRF Vulnerability

June 25, 2025

CVE ID : CVE-2024-51980

Published : June 25, 2025, 8:15 a.m. | 2 hours, 42 minutes ago

Description : An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The attacker can not control the data sent in the SSRF connection, nor can the attacker receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP TCP port 80) is exposed across a network segment.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-51981 – Apache SOAP SSRF/HTTP Request Smuggling

Next Article CVE-2024-51979 – HP IPP HTTP Stack Buffer Overflow

Highlights

CVE-2025-49193 – Apache Struts Missing Security Headers Vulnerability

June 12, 2025

CVE ID : CVE-2025-49193

Published : June 12, 2025, 3:15 p.m. | 45 minutes ago

Description : The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2024-51980 – Apache HTTP Server SSRF Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users

Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets

CVE-2025-48930 – TeleMessage In-Memory Cleartext Information Exposure Vulnerability

Mlmmj is a simple and slim mailing list manager

CVE-2025-49193 – Apache Struts Missing Security Headers Vulnerability

Apple’s Big Move: The Future of Mobile

CVE-2025-5447 – Linksys Wireless Router OS Command Injection Vulnerability

CVE-2025-0086 – Android AccountManager Service Token Overwrite Vulnerability

CVE-2024-51980 – Apache HTTP Server SSRF Vulnerability

Related Posts