
About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability. Improper escaping of output in the mod_rewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication.
Apache HTTP Server 2.4.60, which includes a fix for this vulnerability, was released on July 1, 2024. Orange Tsai (DEVCORE) published technical details and BH2024 slides on the vulnerability on August 9, 2024. A PoC exploit has been on GitHub since August 18, 2024.
On April 29, 2025, it was disclosed that CVE-2024-38475 is being actively exploited to compromise SonicWall SMA gateways. watchTowr Labs explains how the vulnerability exposes the SQLite file with active session tokens. On May 1, the vulnerability was added to the CISA KEV.
Naturally, this vulnerability could potentially affect far more than just SonicWall appliances.
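For checking other Apache deployments, here is an added example (not code from this post, Apache, or any vendor) that compares a version banner against 2.4.60 and lists server-context `RewriteRule` directives whose substitution begins with a backreference or variable. That criterion and the `UnsafePrefixStat` flag come from Apache's advisory for this CVE, not from this post; the sample config and function names are constructed for illustration.

```python
import re

FIXED = (2, 4, 60)  # first release carrying the fix, per the post

def is_fixed_version(banner):
    """True if an 'Apache/x.y.z' banner is >= 2.4.60. Distro packages may
    backport the fix, so False means 'verify', not 'confirmed vulnerable'."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Apache version found")
    return tuple(int(x) for x in m.groups()) >= FIXED

TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|\S+')
# Substitution whose first segment is $N, %N or %{VAR} (optional leading slash).
DYNAMIC_FIRST = re.compile(r"^/?(?:[$%]\d|%\{[^}]+\})")
PER_DIR = re.compile(r"<(/?)(?:Directory|Location|Files)(?:Match)?\b", re.I)

def audit_rewrite_rules(conf_text):
    """Return (line, substitution, has_UnsafePrefixStat) for candidate rules.
    Heuristic for manual review: skips per-directory blocks, ignores
    backslash line continuations, and should not be run on .htaccess files."""
    findings, depth = [], 0
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PER_DIR.match(line)
        if m:  # track <Directory>/<Location>/<Files> nesting
            depth += -1 if m.group(1) else 1
            continue
        tokens = [t.strip('"') for t in TOKEN.findall(line)]
        if depth or len(tokens) < 3 or tokens[0].lower() != "rewriterule":
            continue
        flags = tokens[3] if len(tokens) > 3 else ""
        if DYNAMIC_FIRST.match(tokens[2]):
            findings.append((lineno, tokens[2], "unsafeprefixstat" in flags.lower()))
    return findings

# Constructed sample configuration, not taken from any real appliance.
SAMPLE_CONF = '''\
<VirtualHost *:80>
    RewriteEngine On
    RewriteRule "^/docs/(.+)$" "/$1.html"
    RewriteRule "^/old/(.+)$" "/new/$1" [R=301,L]
    RewriteRule "^/dl/(.+)$" "%{ENV:STORE}/$1" [UnsafePrefixStat]
    <Directory "/var/www/app">
        RewriteRule "^(.+)$" "$1.php"
    </Directory>
</VirtualHost>
'''
if __name__ == "__main__":
    print(is_fixed_version("Server version: Apache/2.4.59 (Unix)"))
    print(audit_rewrite_rules(SAMPLE_CONF))
```

A rule reported with `UnsafePrefixStat` set has been opted back into the pre-2.4.60 behaviour and deserves the closest review.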

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to one more Telegram channel, @avleonovrus; that is where I now write first.