Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2024-38475 | Apache HTTP Server Improper Escaping of Output Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | Improper escaping in Apache HTTP Server versions 2.4.59 and earlier permits code execution or disclosure of source code, as well as session hijacking and a potential full system compromise. An attacker can use a crafted URL to perform a traversal attack to trick the Apache server into reading sensitive files. |
CVE-2024-38475 | Apache HTTP Server Improper Escaping of Output Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Improper escaping in Apache HTTP Server versions 2.4.59 and earlier permits code execution or disclosure of source code, as well as session hijacking and a potential full system compromise. An attacker can use a crafted URL to perform a traversal attack to trick the Apache server into reading sensitive files. |
CVE-2024-38475 | Apache HTTP Server Improper Escaping of Output Vulnerability | primary_impact | T1528 | Steal Application Access Token | Improper escaping in Apache HTTP Server versions 2.4.59 and earlier permits code execution or disclosure of source code, as well as session hijacking and a potential full system compromise. An attacker can use a crafted URL to perform a traversal attack to trick the Apache server into reading sensitive files. |
CVE-2024-38475 | Apache HTTP Server Improper Escaping of Output Vulnerability | primary_impact | T1005 | Data from Local System | Improper escaping in Apache HTTP Server versions 2.4.59 and earlier permits code execution or disclosure of source code, as well as session hijacking and a potential full system compromise. An attacker can use a crafted URL to perform a traversal attack to trick the Apache server into reading sensitive files. |