SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2024-40725

CVE-2024-40725: Apache HTTP Server Disclosure Vulnerability

CVE-2024-40725 is an information disclosure vulnerability in Apache HTTP Server that exposes source code when files are requested indirectly. This article covers the technical details, affected versions, and mitigation.

Updated:

CVE-2024-40725 Overview

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue.

Critical Impact

This vulnerability allows for the unintended disclosure of source code, which can lead to further exploitation.

Affected Products

  • Apache Http Server 2.4.60
  • Apache Http Server 2.4.61

Discovery Timeline

  • Not Available - Vulnerability discovered by Not Available
  • Not Available - Responsible disclosure to Apache
  • Not Available - CVE CVE-2024-40725 assigned
  • Not Available - Apache releases security patch
  • 2024-07-18 - CVE CVE-2024-40725 published to NVD
  • 2025-03-14 - Last updated in NVD database

Technical Details for CVE-2024-40725

Vulnerability Analysis

This information disclosure vulnerability arises due to legacy configuration handling in Apache HTTP Server 2.4.61, where the AddType directive and similar configurations can expose source code when content is requested indirectly.

Root Cause

Improper handling of legacy content-type based configurations results in unintended exposure of local file content.

Attack Vector

Network-based attacks can leverage indirect requests to exploit this vulnerability, potentially revealing sensitive source code.

apache
# Example of a vulnerable configuration
AddType application/x-httpd-php .php

# Under indirect conditions, could expose PHP source code

Detection Methods for CVE-2024-40725

Indicators of Compromise

  • Unusual access to PHP files
  • Logs showing raw PHP code in HTTP response
  • Requests for source file types (*.php without execution)

Detection Strategies

Use web server logs to identify uncharacteristic requests to PHP and other sensitive file types. Monitor for HTTP responses that match PHP source output.

Monitoring Recommendations

Implement logging of all HTTP requests and responses to detect anomalous interactions. Utilize intrusion detection systems to identify patterns related to source code leakage.

How to Mitigate CVE-2024-40725

Immediate Actions Required

  • Upgrade to Apache HTTP Server version 2.4.62
  • Review and update AddType directives
  • Ensure scripts are executed correctly, rather than served as static content

Patch Information

Apache has released a patch in version 2.4.62 to address this vulnerability. Users should upgrade as soon as possible.

Workarounds

Review and adjust all AddType configurations in the httpd.conf file to ensure PHP scripts are handled as executable and not static files.

bash
# Example configuration to mitigate the issue
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne