CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Published: Jul 1, 2024
Updated: Jul 2, 2024
CVE: CVE-2024-38473
Exploit:

No technical information available.

CWEs:

CWE-116

Affected Software
References

Software	From	Fixed in
apache / http_server	2.4.0	2.4.60
netapp / ontap	9	9.x

http://www.openwall.com/lists/oss-security/2024/07/01/6
https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20240712-0001/

Vulnerability Database

290,020

CVE-2024-38473