CVE-2024-42516: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue.

Kurzinfo

Veroeffentlicht: 2025-07-10 00:00 UTC Importiert: 2026-05-14 20:48 UTC CVSS: 7.5 Quelle-ID: apache_httpd_sec uid_hash: 408f938efe737f0ea605bab7840a520250e3ff61ebaa2fb6f71e0e40874ab4b1
Apache HTTP Server Security (httpd.org JSON)

Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2023-38709

 HIGH 7.3 - - 2024-04-04

CVE-2024-42516

 HIGH 7.5 - - 2025-07-10

Quellen-Details

Bezeichnung Name Kategorie Tags Zielgruppe Sprache Feed-URL
Apache HTTP Server Security (httpd.org JSON)

apache_httpd_sec

 vendor_advisory webserver, httpd - de https://httpd.apache.org/security/vulnerabilities-httpd.json
Zurueck zur Eintrags-Liste