CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Published: Jul 1, 2024
Updated: Aug 22, 2024
CVE: CVE-2024-38476
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-829

Affected Software
References

Software	From	Fixed in
netapp / clustered_data_ontap	9.0	9.0.x
apache / http_server	2.4.0	2.4.60

http://www.openwall.com/lists/oss-security/2024/07/01/9
https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20240712-0001/

Vulnerability Database

289,598

CVE-2024-38476