CVE-2024-38475CISA KEVEPSS p100.0%

CVE-2024-38475Apache HTTP Server Improper Escaping of Output Vulnerability

Apache / HTTP Server

Description

Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.

Scoring

EPSS99.96% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2025-05-01

(incoming)1

TypeTargetConfidenceTier
KEVEntryApache HTTP Server Improper Escaping of Output Vulnerabilitykev-cve-2024-384750%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Apache HTTP Server Path Traversal Vulnerability
CVE
CVE-2026-34355
CVE
Apache HTTP Server-Side Request Forgery (SSRF)
CVE
CVE-2025-58098
CVE
CVE-2026-44631
CVE
CVE-2025-39491
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.