Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-24795

Published: 04/04/2024 Updated: 04/05/2024

Vulnerability Summary

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: up to and including 2.4.58. (CVE-2023-38709) HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue. (CVE-2024-24795)

Vendor Advisories

Debian CVElist Bug Report Logs: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
Debian Bug report logs - #1068412 apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Thu, 4 Apr 2024 18:54:02 UTC Severity: grave Tags: security, u ...
Amazon Linux 2: ALAS-2024-2532
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses This issue affects Apache HTTP Server: through 2458 (CVE-2023-38709) HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applica ...

Mailing Lists

Full Disclosure: CVE-2024-24795: Apache HTTP Server: HTTP Response Splitting in multiple modules
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2024-24795: Apache HTTP Server: HTTP Response Splitting in multiple modules <!--X-Subject-Header-End--> <!--X-Head-of-Mess ...

References

https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://security.netapp.com/advisory/ntap-20240415-0013/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/http://www.openwall.com/lists/oss-security/2024/04/04/5https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2532.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook