Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVSS
No CVSS.
References
Configurations
No configuration.
History
No history.
Information
Published : 2024-07-01 19:15
Updated : 2024-07-12 14:15
NVD link : CVE-2024-38476
Mitre link : CVE-2024-38476
CVE.ORG link : CVE-2024-38476
JSON object : View
Products Affected
No product.
CWE
CWE-829
Inclusion of Functionality from Untrusted Control Sphere