BIT-apache-2024-24795

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2024-24795.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-apache-2024-24795
Aliases
Published
2024-04-06T18:17:14.870Z
Modified
2025-05-20T10:02:07.006Z
Summary
Apache HTTP Server: HTTP Response Splitting in multiple modules
Details

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.

Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Database specific
{
    "cpes": [
        "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / apache

Package

Name
apache
Purl
pkg:bitnami/apache

Severity

  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
2.4.0
Fixed
2.4.59