CVE-2024-38477

HIGH

Apache HTTP Server <2.4.60 - Null Pointer Dereference

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-38477. PoCs published by mrmtwoj.

AI-analyzed exploit summary: The repository contains a Python script that scans for multiple Apache HTTP Server vulnerabilities by sending crafted HTTP requests to detect potential misconfigurations or weaknesses. It does not include exploit code for achieving RCE, DoS, or other offensive actions but checks for response patterns indicative of vulnerabilities.

Description

Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Exploits (1)

GitHub · SCANNER · 123 stars
by mrmtwoj · python · poc
https://github.com/mrmtwoj/apache-vulnerability-testing

Classification: Scanner 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Apache HTTP Server (various versions)
Authentication: No auth needed
Prerequisites: Python 3.x · requests library · network access to target Apache server
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 7.5
EPSS: 0.0315
EPSS Percentile: 86.3%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-476
Status: published
Products (2):
apache/http_server 2.4.0 - 2.4.60
netapp/clustered_data_ontap 9.0
Published: Jul 01, 2024
Tracked Since: Feb 18, 2026