CVE-2024-38476

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38476

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38476.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38476

Aliases

BIT-apache-2024-38476

Downstream

ALPINE-CVE-2024-38476

BELL-CVE-2024-38476

DEBIAN-CVE-2024-38476

DSA-5729-1

OESA-2024-2101

RHSA-2024:5138

RHSA-2024:5193

RHSA-2024:5239

RHSA-2024:5812

RHSA-2024:5832

RHSA-2024:6136

RHSA-2024:6467

RHSA-2024:6468

RHSA-2024:6583

RHSA-2024:6584

RHSA-2024:7101

SUSE-SU-2024:2560-1

SUSE-SU-2024:2591-1

SUSE-SU-2024:2597-1

SUSE-SU-2024:2624-1

UBUNTU-CVE-2024-38476

USN-6885-1

USN-6885-3

openSUSE-SU-2024:14116-1

Related

Published

2024-07-01T19:15:04Z

Modified

2025-10-13T04:34:29Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type: GIT
Repo: https://github.com/apache/httpd
Events: Introduced

da5873e80d6eee7a0838793bf68f1d0254745fbb

Fixed

15e7241fa52e86096ee061e1b7fca0cd8d6f53ee