CVE-2024-38473

Updated: 2024-07-11 08:47:52.939978

Description:

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 5.3

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU httpd 2.4.53 5.3 MEDIUM In Testing 2024-07-17 10:20:51
CentOS 6 ELS httpd 2.2.15 5.3 MEDIUM In Progress 2024-07-12 10:16:38
CentOS 7 ELS httpd 2.4.6 5.3 MEDIUM In Progress 2024-07-12 10:16:38
CentOS 8.4 ELS httpd 2.4.37 5.3 MEDIUM In Testing 2024-07-18 11:23:13
CentOS 8.5 ELS httpd 2.4.37 5.3 MEDIUM In Progress 2024-07-12 10:16:38
CentOS Stream 8 ELS httpd 2.4.37 5.3 MEDIUM In Progress 2024-07-12 10:16:38
CloudLinux 6 ELS httpd 2.2.15 5.3 MEDIUM In Progress 2024-07-12 10:16:38
Oracle Linux 6 ELS httpd 2.2.15 5.3 MEDIUM In Progress 2024-07-12 10:16:38