CVE-2024-51980 – Apache HTTP Server SSRF Vulnerability

June 25, 2025

CVE ID : CVE-2024-51980

Published : June 25, 2025, 8:15 a.m. | 2 hours, 42 minutes ago

Description : An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The attacker can not control the data sent in the SSRF connection, nor can the attacker receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP TCP port 80) is exposed across a network segment.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-51981 – Apache SOAP SSRF/HTTP Request Smuggling

Next Article CVE-2024-51979 – HP IPP HTTP Stack Buffer Overflow

Highlights

CVE-2025-4551 – ContiNew Admin Cross Site Scripting Vulnerability

May 11, 2025

CVE ID : CVE-2025-4551

Published : May 11, 2025, 11:15 p.m. | 1 hour, 15 minutes ago

Description : A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2024-51980 – Apache HTTP Server SSRF Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-6936 – Simple Pizza Ordering System SQL Injection

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

CVE-2023-35816 – DevExpress TypeConverter Remote Code Execution Vulnerability

CVE-2025-7416 – Tenda O3V2 HTTPd Stack-Based Buffer Overflow Vulnerability

CVE-2025-4551 – ContiNew Admin Cross Site Scripting Vulnerability

Managing Providers in Terraform: AWS, Azure, and GCP

CVE-2025-44880 – Wavlink WL-WN579A3 Command Injection Vulnerability

My favorite Garmin feature comes to its new Forerunner watch

CVE-2024-51980 – Apache HTTP Server SSRF Vulnerability

Related Posts