ALPINE-CVE-2024-40725

ALPINE-CVE-2024-40725 PUBLISHED CVSS 5.300000190734863 MEDIUM

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.19	apache2	0, 2.4.9-r1, 2.4.9-r0
Alpine:v3.20	apache2	2.4.58-r0, 2.4.58-r1, 2.4.58-r2
Alpine:v3.22	apache2	2.4.59-r0, 2.2.22-r0, 2.2.16-r1
Alpine:v3.23	apache2	2.4.51-r0, 2.4.51-r1, 2.4.52-r0
Alpine:v3.21	apache2	2.4.46-r2, 2.4.51-r0, 2.4.51-r1
Alpine:v3.17	apache2	2.4.23-r1, 2.4.29-r0, 2.4.18-r2
Alpine:v3.18	apache2	2.4.29-r1, 2.4.29-r0, 2.4.28-r0

Timeline

Jul 18, 2024 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2024-40725 advisory

Open in Interactive Console →