ALPINE-CVE-2023-38709

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2023-38709
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-38709.json
JSON Data
https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2023-38709
Upstream
Published
2024-04-04T20:15:08.047Z
Modified
2025-12-03T22:47:20.222190Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.

References

Affected packages

Alpine:v3.16

apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.59-r0

Affected versions

2.*

2.2.16-r0
2.2.16-r1
2.2.16-r2
2.2.16-r3
2.2.17-r0
2.2.17-r1
2.2.17-r2
2.2.17-r3
2.2.17-r4
2.2.17-r5
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.21-r2
2.2.21-r3
2.2.22-r0
2.2.22-r1
2.4.3-r0
2.4.3-r1
2.4.3-r2
2.4.4-r0
2.4.4-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.7-r0
2.4.9-r0
2.4.9-r1
2.4.10-r0
2.4.12-r0
2.4.12-r1
2.4.12-r2
2.4.12-r3
2.4.12-r4
2.4.16-r0
2.4.17-r0
2.4.17-r1
2.4.17-r2
2.4.17-r3
2.4.17-r4
2.4.17-r5
2.4.17-r6
2.4.17-r7
2.4.18-r0
2.4.18-r1
2.4.18-r2
2.4.20-r0
2.4.20-r1
2.4.20-r2
2.4.23-r0
2.4.23-r1
2.4.23-r2
2.4.23-r3
2.4.23-r4
2.4.23-r5
2.4.23-r6
2.4.23-r7
2.4.23-r8
2.4.23-r9
2.4.23-r10
2.4.25-r0
2.4.25-r1
2.4.26-r0
2.4.27-r0
2.4.27-r1
2.4.27-r2
2.4.28-r0
2.4.29-r0
2.4.29-r1
2.4.33-r0
2.4.33-r1
2.4.34-r0
2.4.35-r0
2.4.37-r0
2.4.37-r1
2.4.38-r0
2.4.38-r1
2.4.38-r2
2.4.39-r0
2.4.41-r0
2.4.43-r0
2.4.46-r0
2.4.46-r1
2.4.46-r2
2.4.46-r3
2.4.48-r0
2.4.48-r1
2.4.48-r2
2.4.49-r1
2.4.50-r0
2.4.51-r0
2.4.51-r1
2.4.52-r0
2.4.53-r0
2.4.54-r0
2.4.55-r0
2.4.56-r0
2.4.58-r0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-38709.json"

Alpine:v3.17

apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.59-r0

Affected versions

2.*

2.2.16-r0
2.2.16-r1
2.2.16-r2
2.2.16-r3
2.2.17-r0
2.2.17-r1
2.2.17-r2
2.2.17-r3
2.2.17-r4
2.2.17-r5
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.21-r2
2.2.21-r3
2.2.22-r0
2.2.22-r1
2.4.3-r0
2.4.3-r1
2.4.3-r2
2.4.4-r0
2.4.4-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.7-r0
2.4.9-r0
2.4.9-r1
2.4.10-r0
2.4.12-r0
2.4.12-r1
2.4.12-r2
2.4.12-r3
2.4.12-r4
2.4.16-r0
2.4.17-r0
2.4.17-r1
2.4.17-r2
2.4.17-r3
2.4.17-r4
2.4.17-r5
2.4.17-r6
2.4.17-r7
2.4.18-r0
2.4.18-r1
2.4.18-r2
2.4.20-r0
2.4.20-r1
2.4.20-r2
2.4.23-r0
2.4.23-r1
2.4.23-r2
2.4.23-r3
2.4.23-r4
2.4.23-r5
2.4.23-r6
2.4.23-r7
2.4.23-r8
2.4.23-r9
2.4.23-r10
2.4.25-r0
2.4.25-r1
2.4.26-r0
2.4.27-r0
2.4.27-r1
2.4.27-r2
2.4.28-r0
2.4.29-r0
2.4.29-r1
2.4.33-r0
2.4.33-r1
2.4.34-r0
2.4.35-r0
2.4.37-r0
2.4.37-r1
2.4.38-r0
2.4.38-r1
2.4.38-r2
2.4.39-r0
2.4.41-r0
2.4.43-r0
2.4.46-r0
2.4.46-r1
2.4.46-r2
2.4.46-r3
2.4.48-r0
2.4.48-r1
2.4.48-r2
2.4.49-r1
2.4.50-r0
2.4.51-r0
2.4.51-r1
2.4.52-r0
2.4.53-r0
2.4.54-r0
2.4.54-r1
2.4.55-r0
2.4.56-r0
2.4.57-r0
2.4.58-r0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-38709.json"

Alpine:v3.18

apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.59-r0

Affected versions

2.*

2.2.16-r0
2.2.16-r1
2.2.16-r2
2.2.16-r3
2.2.17-r0
2.2.17-r1
2.2.17-r2
2.2.17-r3
2.2.17-r4
2.2.17-r5
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.21-r2
2.2.21-r3
2.2.22-r0
2.2.22-r1
2.4.3-r0
2.4.3-r1
2.4.3-r2
2.4.4-r0
2.4.4-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.7-r0
2.4.9-r0
2.4.9-r1
2.4.10-r0
2.4.12-r0
2.4.12-r1
2.4.12-r2
2.4.12-r3
2.4.12-r4
2.4.16-r0
2.4.17-r0
2.4.17-r1
2.4.17-r2
2.4.17-r3
2.4.17-r4
2.4.17-r5
2.4.17-r6
2.4.17-r7
2.4.18-r0
2.4.18-r1
2.4.18-r2
2.4.20-r0
2.4.20-r1
2.4.20-r2
2.4.23-r0
2.4.23-r1
2.4.23-r2
2.4.23-r3
2.4.23-r4
2.4.23-r5
2.4.23-r6
2.4.23-r7
2.4.23-r8
2.4.23-r9
2.4.23-r10
2.4.25-r0
2.4.25-r1
2.4.26-r0
2.4.27-r0
2.4.27-r1
2.4.27-r2
2.4.28-r0
2.4.29-r0
2.4.29-r1
2.4.33-r0
2.4.33-r1
2.4.34-r0
2.4.35-r0
2.4.37-r0
2.4.37-r1
2.4.38-r0
2.4.38-r1
2.4.38-r2
2.4.39-r0
2.4.41-r0
2.4.43-r0
2.4.46-r0
2.4.46-r1
2.4.46-r2
2.4.46-r3
2.4.48-r0
2.4.48-r1
2.4.48-r2
2.4.49-r1
2.4.50-r0
2.4.51-r0
2.4.51-r1
2.4.52-r0
2.4.53-r0
2.4.54-r0
2.4.54-r1
2.4.54-r2
2.4.55-r0
2.4.56-r0
2.4.57-r0
2.4.57-r1
2.4.57-r2
2.4.57-r3
2.4.58-r0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-38709.json"

Alpine:v3.19

apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.59-r0

Affected versions

2.*

2.2.16-r0
2.2.16-r1
2.2.16-r2
2.2.16-r3
2.2.17-r0
2.2.17-r1
2.2.17-r2
2.2.17-r3
2.2.17-r4
2.2.17-r5
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.21-r2
2.2.21-r3
2.2.22-r0
2.2.22-r1
2.4.3-r0
2.4.3-r1
2.4.3-r2
2.4.4-r0
2.4.4-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.7-r0
2.4.9-r0
2.4.9-r1
2.4.10-r0
2.4.12-r0
2.4.12-r1
2.4.12-r2
2.4.12-r3
2.4.12-r4
2.4.16-r0
2.4.17-r0
2.4.17-r1
2.4.17-r2
2.4.17-r3
2.4.17-r4
2.4.17-r5
2.4.17-r6
2.4.17-r7
2.4.18-r0
2.4.18-r1
2.4.18-r2
2.4.20-r0
2.4.20-r1
2.4.20-r2
2.4.23-r0
2.4.23-r1
2.4.23-r2
2.4.23-r3
2.4.23-r4
2.4.23-r5
2.4.23-r6
2.4.23-r7
2.4.23-r8
2.4.23-r9
2.4.23-r10
2.4.25-r0
2.4.25-r1
2.4.26-r0
2.4.27-r0
2.4.27-r1
2.4.27-r2
2.4.28-r0
2.4.29-r0
2.4.29-r1
2.4.33-r0
2.4.33-r1
2.4.34-r0
2.4.35-r0
2.4.37-r0
2.4.37-r1
2.4.38-r0
2.4.38-r1
2.4.38-r2
2.4.39-r0
2.4.41-r0
2.4.43-r0
2.4.46-r0
2.4.46-r1
2.4.46-r2
2.4.46-r3
2.4.48-r0
2.4.48-r1
2.4.48-r2
2.4.49-r1
2.4.50-r0
2.4.51-r0
2.4.51-r1
2.4.52-r0
2.4.53-r0
2.4.54-r0
2.4.54-r1
2.4.54-r2
2.4.55-r0
2.4.56-r0
2.4.57-r0
2.4.57-r1
2.4.57-r2
2.4.57-r3
2.4.58-r0
2.4.58-r1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-38709.json"

Alpine:v3.20

apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.59-r0

Affected versions

2.*

2.2.16-r0
2.2.16-r1
2.2.16-r2
2.2.16-r3
2.2.17-r0
2.2.17-r1
2.2.17-r2
2.2.17-r3
2.2.17-r4
2.2.17-r5
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.21-r2
2.2.21-r3
2.2.22-r0
2.2.22-r1
2.4.3-r0
2.4.3-r1
2.4.3-r2
2.4.4-r0
2.4.4-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.7-r0
2.4.9-r0
2.4.9-r1
2.4.10-r0
2.4.12-r0
2.4.12-r1
2.4.12-r2
2.4.12-r3
2.4.12-r4
2.4.16-r0
2.4.17-r0
2.4.17-r1
2.4.17-r2
2.4.17-r3
2.4.17-r4
2.4.17-r5
2.4.17-r6
2.4.17-r7
2.4.18-r0
2.4.18-r1
2.4.18-r2
2.4.20-r0
2.4.20-r1
2.4.20-r2
2.4.23-r0
2.4.23-r1
2.4.23-r2
2.4.23-r3
2.4.23-r4
2.4.23-r5
2.4.23-r6
2.4.23-r7
2.4.23-r8
2.4.23-r9
2.4.23-r10
2.4.25-r0
2.4.25-r1
2.4.26-r0
2.4.27-r0
2.4.27-r1
2.4.27-r2
2.4.28-r0
2.4.29-r0
2.4.29-r1
2.4.33-r0
2.4.33-r1
2.4.34-r0
2.4.35-r0
2.4.37-r0
2.4.37-r1
2.4.38-r0
2.4.38-r1
2.4.38-r2
2.4.39-r0
2.4.41-r0
2.4.43-r0
2.4.46-r0
2.4.46-r1
2.4.46-r2
2.4.46-r3
2.4.48-r0
2.4.48-r1
2.4.48-r2
2.4.49-r1
2.4.50-r0
2.4.51-r0
2.4.51-r1
2.4.52-r0
2.4.53-r0
2.4.54-r0
2.4.54-r1
2.4.54-r2
2.4.55-r0
2.4.56-r0
2.4.57-r0
2.4.57-r1
2.4.57-r2
2.4.57-r3
2.4.58-r0
2.4.58-r1
2.4.58-r2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-38709.json"

Alpine:v3.21

apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.59-r0

Affected versions

2.*

2.2.16-r0
2.2.16-r1
2.2.16-r2
2.2.16-r3
2.2.17-r0
2.2.17-r1
2.2.17-r2
2.2.17-r3
2.2.17-r4
2.2.17-r5
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.21-r2
2.2.21-r3
2.2.22-r0
2.2.22-r1
2.4.3-r0
2.4.3-r1
2.4.3-r2
2.4.4-r0
2.4.4-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.7-r0
2.4.9-r0
2.4.9-r1
2.4.10-r0
2.4.12-r0
2.4.12-r1
2.4.12-r2
2.4.12-r3
2.4.12-r4
2.4.16-r0
2.4.17-r0
2.4.17-r1
2.4.17-r2
2.4.17-r3
2.4.17-r4
2.4.17-r5
2.4.17-r6
2.4.17-r7
2.4.18-r0
2.4.18-r1
2.4.18-r2
2.4.20-r0
2.4.20-r1
2.4.20-r2
2.4.23-r0
2.4.23-r1
2.4.23-r2
2.4.23-r3
2.4.23-r4
2.4.23-r5
2.4.23-r6
2.4.23-r7
2.4.23-r8
2.4.23-r9
2.4.23-r10
2.4.25-r0
2.4.25-r1
2.4.26-r0
2.4.27-r0
2.4.27-r1
2.4.27-r2
2.4.28-r0
2.4.29-r0
2.4.29-r1
2.4.33-r0
2.4.33-r1
2.4.34-r0
2.4.35-r0
2.4.37-r0
2.4.37-r1
2.4.38-r0
2.4.38-r1
2.4.38-r2
2.4.39-r0
2.4.41-r0
2.4.43-r0
2.4.46-r0
2.4.46-r1
2.4.46-r2
2.4.46-r3
2.4.48-r0
2.4.48-r1
2.4.48-r2
2.4.49-r1
2.4.50-r0
2.4.51-r0
2.4.51-r1
2.4.52-r0
2.4.53-r0
2.4.54-r0
2.4.54-r1
2.4.54-r2
2.4.55-r0
2.4.56-r0
2.4.57-r0
2.4.57-r1
2.4.57-r2
2.4.57-r3
2.4.58-r0
2.4.58-r1
2.4.58-r2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-38709.json"

Alpine:v3.22

apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.59-r0

Affected versions

2.*

2.2.16-r0
2.2.16-r1
2.2.16-r2
2.2.16-r3
2.2.17-r0
2.2.17-r1
2.2.17-r2
2.2.17-r3
2.2.17-r4
2.2.17-r5
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.21-r2
2.2.21-r3
2.2.22-r0
2.2.22-r1
2.4.3-r0
2.4.3-r1
2.4.3-r2
2.4.4-r0
2.4.4-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.7-r0
2.4.9-r0
2.4.9-r1
2.4.10-r0
2.4.12-r0
2.4.12-r1
2.4.12-r2
2.4.12-r3
2.4.12-r4
2.4.16-r0
2.4.17-r0
2.4.17-r1
2.4.17-r2
2.4.17-r3
2.4.17-r4
2.4.17-r5
2.4.17-r6
2.4.17-r7
2.4.18-r0
2.4.18-r1
2.4.18-r2
2.4.20-r0
2.4.20-r1
2.4.20-r2
2.4.23-r0
2.4.23-r1
2.4.23-r2
2.4.23-r3
2.4.23-r4
2.4.23-r5
2.4.23-r6
2.4.23-r7
2.4.23-r8
2.4.23-r9
2.4.23-r10
2.4.25-r0
2.4.25-r1
2.4.26-r0
2.4.27-r0
2.4.27-r1
2.4.27-r2
2.4.28-r0
2.4.29-r0
2.4.29-r1
2.4.33-r0
2.4.33-r1
2.4.34-r0
2.4.35-r0
2.4.37-r0
2.4.37-r1
2.4.38-r0
2.4.38-r1
2.4.38-r2
2.4.39-r0
2.4.41-r0
2.4.43-r0
2.4.46-r0
2.4.46-r1
2.4.46-r2
2.4.46-r3
2.4.48-r0
2.4.48-r1
2.4.48-r2
2.4.49-r1
2.4.50-r0
2.4.51-r0
2.4.51-r1
2.4.52-r0
2.4.53-r0
2.4.54-r0
2.4.54-r1
2.4.54-r2
2.4.55-r0
2.4.56-r0
2.4.57-r0
2.4.57-r1
2.4.57-r2
2.4.57-r3
2.4.58-r0
2.4.58-r1
2.4.58-r2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-38709.json"

Alpine:v3.23

apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.59-r0

Affected versions

2.*

2.2.16-r0
2.2.16-r1
2.2.16-r2
2.2.16-r3
2.2.17-r0
2.2.17-r1
2.2.17-r2
2.2.17-r3
2.2.17-r4
2.2.17-r5
2.2.20-r0
2.2.21-r0
2.2.21-r1
2.2.21-r2
2.2.21-r3
2.2.22-r0
2.2.22-r1
2.4.3-r0
2.4.3-r1
2.4.3-r2
2.4.4-r0
2.4.4-r1
2.4.6-r0
2.4.6-r1
2.4.6-r2
2.4.6-r3
2.4.6-r4
2.4.7-r0
2.4.9-r0
2.4.9-r1
2.4.10-r0
2.4.12-r0
2.4.12-r1
2.4.12-r2
2.4.12-r3
2.4.12-r4
2.4.16-r0
2.4.17-r0
2.4.17-r1
2.4.17-r2
2.4.17-r3
2.4.17-r4
2.4.17-r5
2.4.17-r6
2.4.17-r7
2.4.18-r0
2.4.18-r1
2.4.18-r2
2.4.20-r0
2.4.20-r1
2.4.20-r2
2.4.23-r0
2.4.23-r1
2.4.23-r2
2.4.23-r3
2.4.23-r4
2.4.23-r5
2.4.23-r6
2.4.23-r7
2.4.23-r8
2.4.23-r9
2.4.23-r10
2.4.25-r0
2.4.25-r1
2.4.26-r0
2.4.27-r0
2.4.27-r1
2.4.27-r2
2.4.28-r0
2.4.29-r0
2.4.29-r1
2.4.33-r0
2.4.33-r1
2.4.34-r0
2.4.35-r0
2.4.37-r0
2.4.37-r1
2.4.38-r0
2.4.38-r1
2.4.38-r2
2.4.39-r0
2.4.41-r0
2.4.43-r0
2.4.46-r0
2.4.46-r1
2.4.46-r2
2.4.46-r3
2.4.48-r0
2.4.48-r1
2.4.48-r2
2.4.49-r1
2.4.50-r0
2.4.51-r0
2.4.51-r1
2.4.52-r0
2.4.53-r0
2.4.54-r0
2.4.54-r1
2.4.54-r2
2.4.55-r0
2.4.56-r0
2.4.57-r0
2.4.57-r1
2.4.57-r2
2.4.57-r3
2.4.58-r0
2.4.58-r1
2.4.58-r2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-38709.json"