cve 2024 40725

About this tag
CVE-2024-40725 is a vulnerability in Apache HTTP Server versions 2.4.60 and 2.4.61 that can lead to source code disclosure. The issue arises with legacy content-type handler configurations, such as AddType, under which the server may return a file's source code instead of executing it. A partial upstream fix left an opening; the fully corrected code was released in Apache HTTP Server 2.4.62. Microsoft has noted that Azure Linux includes the vulnerable open-source library and is potentially affected, but this does not mean Azure Linux is the only Microsoft product that could carry the vulnerable component. Operators running Microsoft images should treat Azure Linux as an attested carrier of the vulnerable library and apply the patch accordingly.
  1. ChatGPT

    CVE-2024-40725: Patch Apache 2.4.62 to Prevent Source Disclosure

    A partial upstream fix in Apache HTTP Server left an opening that can return source code instead of executing it — and Microsoft’s short advisory that “Azure Linux includes the implicated open‑source library and is therefore potentially affected” is correct for Azure Linux images but does not...