CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.

Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Published: Apr 4, 2024
Updated: Apr 5, 2024
CVE: CVE-2024-24795
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apache / http_server	2.4.0	2.4.59
debian / debian_linux	10.0	10.0.x
fedoraproject / fedora	38	38.x
fedoraproject / fedora	39	39.x
fedoraproject / fedora	40	40.x
netapp / ontap	9	9.x
netapp / ontap_tools	10	10.x
apple / macos	-	14.6

http://seclists.org/fulldisclosure/2024/Jul/18
http://www.openwall.com/lists/oss-security/2024/04/04/5
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
https://security.netapp.com/advisory/ntap-20240415-0013/
https://support.apple.com/kb/HT214119

Vulnerability Database

CVE-2024-24795