Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Published

2024-07-01T19:15:04.977

Last Modified

2024-12-02T17:36:33.403

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-829
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	http_server	< 2.4.60	Yes
Operating System	netapp	clustered_data_ontap	9.0	Yes

References

https://httpd.apache.org/security/vulnerabilities_24.html Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20240712-0001/ Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2024/07/01/9 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://httpd.apache.org/security/vulnerabilities_24.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240712-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)