We would like to know whether the NCM component of VMware Smarts Assurance is vulnerable to the HTTPD CVE-2024-38475.
VMware Smarts Assurance
NCM
According to Engineering, this vulnerability is only present when HTTPD uses RewriteRule with back references.
Example: RewriteRule ^product/(\d+)$ /item/$1 [R=301,L]
In the example above, "$1" represents a back reference.
Since back references are not used by NCM httpd's RewriteRule, NCM is not impacted by this vulnerability.
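One way to check an httpd configuration for the condition described above, as an added example (not VMware's or the NCM product's own code): the script below lists every active RewriteRule whose substitution contains a back reference. SAMPLE_CONF is constructed for illustration and the function names are hypothetical; besides the $N form shown above, it also reports %N, httpd's back reference to a RewriteCond pattern group.

```python
import re

# Splits a directive line into arguments; double-quoted arguments stay whole.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')
# $N refers to a RewriteRule pattern group, %N to a RewriteCond pattern group.
BACKREF = re.compile(r'[$%]\d')

# Constructed sample configuration, not taken from any NCM installation.
SAMPLE_CONF = r"""
RewriteEngine On
# RewriteRule ^old/(.*)$ /new/$1 [L]
RewriteRule ^product/(\d+)$ /item/$1 [R=301,L]
RewriteRule ^/?status$ /status.html [L]
RewriteRule "^docs/(.+)$" \
    "/manual/index.html" [L]
RewriteCond %{HTTP_HOST} ^(.+)\.example\.test$
RewriteRule ^ /sites/%1/index.html [L]
"""


def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = num
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf


def rules_with_backrefs(text):
    """Return (line_number, substitution) for each active RewriteRule whose
    substitution contains a back reference; commented-out rules are skipped."""
    hits = []
    for num, line in logical_lines(text):
        args = TOKEN.findall(line)
        if len(args) < 3 or args[0].lower() != "rewriterule":
            continue
        substitution = args[2].strip('"')
        if BACKREF.search(substitution):
            hits.append((num, substitution))
    return hits


if __name__ == "__main__":
    for num, substitution in rules_with_backrefs(SAMPLE_CONF):
        print(f"line {num}: back reference in substitution {substitution}")
```

An empty result for every configuration file that httpd loads, including files pulled in through Include directives, matches the situation described for NCM.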
VMware Smarts Assurance NCM is not vulnerable to CVE-2024-38475, therefore no further action is needed.
In the upcoming release of VMware Smarts Assurance NCM 24.3.9, we will support up to Linux 9.5, which includes HTTPD 2.4.53 as the default.