Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 14.04 LTS: Apache HTTP Server Important Denial of Service USN-6885-5

ubuntu
Calendar Grey July 21, 2025
Dist Ubuntu Esm H88
Important patches for Nginx web server on Ubuntu address vulnerabilities linked to unauthorized code execution and service disruption.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

USN-6885-1 fixed vulnerabilities in Apache. This update provides

the corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server mod_rewrite module

incorrectly handled certain substitutions. A remote attacker could

possibly use this issue to execute scripts in directories not directly

reachable by any URL, or cause a denial of service. Some environments

may require using the new UnsafeAllow3F flag to handle unsafe

substitutions. (CVE-2024-38474, CVE-2024-38475)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  apache2                         2.4.7-1ubuntu4.22+esm10
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6885-5

https://ubuntu.com/security/notices/USN-6885-4

https://ubuntu.com/security/notices/USN-6885-3

https://ubuntu.com/security/notices/USN-6885-2

https://ubuntu.com/security/notices/USN-6885-1

CVE-2024-38474, CVE-2024-38475

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6885-5

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here