Published: 04/04/2024 Updated: 19/04/2024

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: up to and including 2.4.58.

Debian Bug report logs - #1068412 apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Thu, 4 Apr 2024 18:54:02 UTC Severity: grave Tags: security, u ...

DescriptionA flaw was found in httpd The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding or some other headers, resulting in a HTTP response splittingA flaw was found in httpd The response headers are not sanitized before an HTTP response is sent when ...

oss-sec mailing list archives   By Date By Thread </form>    CVE-2023-38709: Apache HTTP Server: HTTP response splitting   From: Eric ...

https://httpd.apache.org/security/vulnerabilities_24.html https://security.netapp.com/advisory/ntap-20240415-0013/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-38709

CVE-2023-38709

Vulnerability Summary

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect