SUSE Support

Here When You Need Us

Apache regression ignores headers sent by CGI scripts introduced by CVE-2024-24795

This document (000021486) is provided subject to the disclaimer at the end of this document.

Environment

For a comprehensive list of affected products, please review the SUSE CVE announcement .

Situation

Because of changes to apache2 introduced by security fix CVE-2024-24795 a configuration change may be required as the fix changes the way how Content-Length and Transfer-Encoding header are used.

Resolution

If a (Fast)CGI script is being used, then the data is not trusted by default and Content-Headers are being removed by default. If the endpoint is trusted and/or the code behind the CGI script, the following change is needed in the existing configuration (for example, via htaccess) so it behaves as previously. For example, to fix it for PHP:
SetEnvIf Request_URI "\.php$" ap_trust_cgilike_cl
Please adjust existing configurations as needed.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021486
  • Creation Date: 08-Jul-2024
  • Modified Date:08-Jul-2024
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.