CVE-2024-38476: Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Note: Some legacy uses of the 'AddType' directive to connect a request to a handler must be ported to 'SetHandler' after this fix. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Kurzinfo

Veroeffentlicht: 2024-07-01 00:00 UTC Importiert: 2026-05-14 20:48 UTC CVSS: 9.8 Quelle-ID: apache_httpd_sec uid_hash: daa5e85795f9e8d4eaccc36c0b51e4dbbd37936bd3aa701b280a88f8f5454a63
Apache HTTP Server Security (httpd.org JSON)

Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2024-38476

 CRITICAL 9.8 - - 2024-07-01

Quellen-Details

Bezeichnung Name Kategorie Tags Zielgruppe Sprache Feed-URL
Apache HTTP Server Security (httpd.org JSON)

apache_httpd_sec

 vendor_advisory webserver, httpd - de https://httpd.apache.org/security/vulnerabilities-httpd.json
Zurueck zur Eintrags-Liste