{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T19:11:59.462","vulnerabilities":[{"cve":{"id":"CVE-2024-39884","sourceIdentifier":"security@apache.org","published":"2024-07-04T09:15:04.237","lastModified":"2025-07-01T20:27:13.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.61, which fixes this issue."},{"lang":"es","value":"Una regresión en el núcleo de Apache HTTP Server 2.4.60 ignora parte del uso de la configuración de controladores heredada basada en el tipo de contenido. \"AddType\" y configuraciones similares, en algunas circunstancias en las que los archivos se solicitan indirectamente, dan como resultado la divulgación del código fuente del contenido local. Por ejemplo, los scripts PHP pueden servirse en lugar de interpretarse. Se recomienda a los usuarios actualizar a la versión 2.4.61, que soluciona este problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:http_server:2.4.60:*:*:*:*:*:*:*","matchCriteriaId":"3B948936-6007-4436-AF16-CCE8F59E0C29"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"5333B745-F7A3-46CB-8437-8668DB08CD6F"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2024/07/17/6","source":"security@apache.org","tags":["Mailing List"]},{"url":"https://httpd.apache.org/security/vulnerabilities_24.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240712-0002/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/07/03/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2024/07/17/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://httpd.apache.org/security/vulnerabilities_24.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240712-0002/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}