CVE-2024-24795
MEDIUMApache HTTP Server 2.4.0-2.4.58 - HTTP Response Splitting via Malicious Response Headers
Title source: llmDescription
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
References (10)
Core 10
Core References
Mailing List
http://seclists.org/fulldisclosure/2024/Jul/18
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html
Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240415-0013/
Third Party Advisory
https://support.apple.com/kb/HT214119
Release Notes, Vendor Advisory vendor-advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Scores
CVSS v3
6.3
EPSS
0.0287
EPSS Percentile
84.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-113
CWE-444
Status
published
Products (9)
apache/http_server
2.4.0 - 2.4.59
apple/macos
< 14.6
broadcom/fabric_operating_system
debian/debian_linux
10.0
fedoraproject/fedora
38
fedoraproject/fedora
39
fedoraproject/fedora
40
netapp/ontap
9
netapp/ontap_tools
10
Published
Apr 04, 2024
Tracked Since
Feb 18, 2026