CVE-2024-38474 in Apache and UnsafeAllow3F addition
RHEL8.10, OMD 5.4
After the latest RHEL update it's not possible to enter OMD: we receive 403 Forbidden. This is because of the new vulnerability CVE-2024-38474 in Apache.
Root Cause:
A substitution encoding issue in mod_rewrite allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to disclose the source of scripts meant only to be executed as CGI. This is CVE-2024-38474.
Temporary solution:
Add the UnsafeAllow3F flag to one row in the file etc/apache/conf.d/thruk_cookie_auth.conf:
RewriteRule ^(.*)$ ${users:$1|/loginbad/} [C,NS,UnsafeAllow3F]
Permanent solution: Update Apache in OMD to v.2.4.60+
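Because the workaround above is meant to be temporary, it helps to be able to list every RewriteRule that still carries the flag. The following is an added example, not code from this report or from the OMD project; the function name `find_unsafe_rules` and the sample configuration are constructed for illustration.

```python
# Audit Apache config text for RewriteRule directives carrying UnsafeAllow3F,
# so the temporary workaround can be tracked and removed later.
# Added example: function name and sample input are constructed.

# mod_rewrite compares flag names case-insensitively, so match in lower case.
UNSAFE_FLAGS = {"unsafeallow3f"}


def find_unsafe_rules(config_text, source="<config>"):
    """Return (source, line_no, flag, directive) for each relaxed RewriteRule."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or commented-out directive
        tokens = stripped.split()
        # RewriteRule Pattern Substitution [flags]: flags are the last token
        if len(tokens) < 4 or tokens[0].lower() != "rewriterule":
            continue
        flags = tokens[-1]
        if not (flags.startswith("[") and flags.endswith("]")):
            continue
        for flag in flags[1:-1].split(","):
            name = flag.split("=", 1)[0].strip()  # drop values such as R=301
            if name.lower() in UNSAFE_FLAGS:
                findings.append((source, line_no, name, stripped))
    return findings


# Constructed sample: one commented-out rule, one active rule with the flag,
# and one unrelated redirect.
SAMPLE = """\
RewriteEngine On
# RewriteRule ^(.*)$ ${users:$1|/loginbad/} [C,NS,UnsafeAllow3F]
RewriteRule ^(.*)$ ${users:$1|/loginbad/} [C,NS,UnsafeAllow3F]
RewriteRule ^/old/(.*)$ /new/$1 [R=301,L]
"""

if __name__ == "__main__":
    for src, n, flag, rule in find_unsafe_rules(SAMPLE, "thruk_cookie_auth.conf"):
        print(f"{src}:{n}: {flag}: {rule}")
```

To audit a real site, read each file under the site's Apache configuration directory and pass its contents and path to the function.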