CVE-2024-38473

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-38473
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38473.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38473
Aliases
Downstream
Related
Published
2024-07-01T18:14:21.520Z
Modified
2026-05-01T04:25:27.861320Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
Apache HTTP Server proxy encoding problem
Details

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Database specific 
{
    "cwe_ids": [
        "CWE-116"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38473.json",
    "cna_assigner": "apache",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2.4.0"
                },
                {
                    "last_affected": "2.4.59"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
da5873e80d6eee7a0838793bf68f1d0254745fbb
Fixed
15e7241fa52e86096ee061e1b7fca0cd8d6f53ee
Database specific 
{
    "versions": [
        {
            "introduced": "2.4.0"
        },
        {
            "fixed": "2.4.60"
        }
    ]
}

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38473.json"