CVE-2024-24795

Updated: 2024-07-11 21:01:15.375222

Description:

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 4

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU httpd 2.4.53 4.0 MEDIUM Released CLSA-2024:1732194710 2024-11-21 12:07:04
CentOS 7 ELS httpd 2.4.6 4.0 MEDIUM Released CLSA-2024:1725382183 2024-09-17 12:28:36
CloudLinux 7 ELS httpd 2.4.6 4.0 MEDIUM Released CLSA-2024:1726078096 2024-11-20 13:39:01
Ubuntu 16.04 ELS apache2 2.4.18 4.0 MEDIUM Released CLSA-2024:1725012024 2024-08-30 12:27:11
Ubuntu 18.04 ELS apache2 2.4.29 4.0 MEDIUM Released CLSA-2024:1728479129 2024-10-09 11:07:35