CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

CVSS

No CVSS.

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jul/18
http://www.openwall.com/lists/oss-security/2024/04/04/5
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
https://security.netapp.com/advisory/ntap-20240415-0013/
https://support.apple.com/kb/HT214119

Configurations

No configuration.

History

30 Jul 2024, 02:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Jul/18 -

29 Jul 2024, 22:15

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214119 -

Information

Published : 2024-04-04 20:15

Updated : 2024-07-30 02:15

NVD link : CVE-2024-24795

Mitre link : CVE-2024-24795

CVE.ORG link : CVE-2024-24795

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-24795

Attach tags to `CVE-2024-24795`