MEDIUM · CVSS 5.9
CVE-2024-39884 — Apache HTTP Server cache-key confusion
A cache-key confusion in Apache mod_cache could let a request with a specific Content-Type serve cached content intended for a different handler, potentially leaking sensitive payloads.
Affects
- Apache HTTP Server 2.4.59 and earlier
What an attacker does
In Apache configurations that use mod_cache together with multiple handlers, crafted Content-Type headers resulted in cache-key collisions. Sensitive admin responses could then be served to subsequent anonymous requests for the same URL.
How to detect
Check the installed Apache version and audit the configuration for mod_cache use.
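One way to script that check, as an added example that is not Securie's or Apache's own code: it combines the version threshold stated on this page with a scan for an enabled mod_cache and more than one handler. The function names, status labels and sample configuration are assumptions constructed for illustration.

```python
import re

# Fixed release as stated on this page (2.4.59 and earlier are affected).
FIXED = (2, 4, 60)

# Constructed sample configuration, for illustration only.
SAMPLE_CONF = """\
LoadModule cache_module modules/mod_cache.so
# CacheEnable disk /old
CacheEnable disk /
<Location "/admin">
    SetHandler server-status
</Location>
AddHandler cgi-script .cgi
"""

def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` output or a Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def directives(conf_text):
    """Yield (name, args) per active directive; skips comments and <Section> tags."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, *rest = line.split(None, 1)
            yield name.lower(), rest[0] if rest else ""

def audit(banner, conf_text):
    """Classify a host by the page's criteria: version, mod_cache, multiple handlers."""
    loaded, enabled, handlers = False, [], set()
    for name, args in directives(conf_text):
        if name == "loadmodule" and args.split()[:1] == ["cache_module"]:
            loaded = True
        elif name == "cacheenable":
            enabled.append(args)
        elif name in ("sethandler", "addhandler") and args:
            handlers.add(args.split()[0])
    version = parse_version(banner)
    if not (loaded and enabled and len(handlers) >= 2):
        status = "config-not-matching"
    elif version is None:
        status = "review"  # version hidden (e.g. ServerTokens Prod): check manually
    else:
        status = "exposed" if version < FIXED else "patched"
    return {"version": version, "cache_enabled": enabled,
            "handlers": sorted(handlers), "status": status}
```

Feed it the output of `httpd -v` and the concatenated contents of the active configuration files; a `config-not-matching` result on an old version still leaves the upgrade outstanding.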
How to fix
Upgrade Apache to 2.4.60+.
How Securie catches it
Securie's IaC scanner audits Apache configs and pairs the result with version detection.