CVE-2024-38477

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38477

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38477.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38477

Aliases

BIT-apache-2024-38477

Downstream

ALPINE-CVE-2024-38477

BELL-CVE-2024-38477

DEBIAN-CVE-2024-38477

DSA-5729-1

OESA-2024-1852

OESA-2024-1853

OESA-2024-1854

OESA-2024-1855

OESA-2024-1856

RHSA-2024:4719

RHSA-2024:4720

RHSA-2024:4726

RHSA-2024:4820

RHSA-2024:4827

RHSA-2024:4830

RHSA-2024:4862

RHSA-2024:4863

RHSA-2024:4938

RHSA-2024:4943

RHSA-2024:5239

RLSA-2024:4720

SUSE-SU-2024:2405-1

SUSE-SU-2024:2436-1

SUSE-SU-2024:2624-1

SUSE-SU-2025:02241-1

UBUNTU-CVE-2024-38477

USN-6885-1

USN-6885-3

openSUSE-SU-2024:14116-1

Related

Published

2024-07-01T19:15:05Z

Modified

2025-11-05T13:35:32Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type: GIT
Repo: https://github.com/apache/httpd
Events: Introduced

da5873e80d6eee7a0838793bf68f1d0254745fbb

Fixed

15e7241fa52e86096ee061e1b7fca0cd8d6f53ee