CVE-2024-38477

HIGH

Apache HTTP Server <2.4.60 - Null Pointer Dereference

Title source: llm

Description

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Exploits (1)

github SCANNER 123 stars

by mrmtwoj · pythonpoc

https://github.com/mrmtwoj/apache-vulnerability-testing

View Code ZIP pw:eip

References (4)

[Vendor Advisory] https://httpd.apache.org/security/vulnerabilities_24.html

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20240712-0001/

[Mailing List] http://www.openwall.com/lists/oss-security/2024/07/01/10

[Mailing List] http://seclists.org/fulldisclosure/2024/Oct/11

Scores

CVSS v3 7.5

EPSS 0.0192

EPSS Percentile 83.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (2)

apache/http_server 2.4.0 - 2.4.60

netapp/clustered_data_ontap 9.0

Published Jul 01, 2024

Tracked Since Feb 18, 2026