CVE-2024-38476

Updated: 2024-08-21 21:34:40.939745

Description:

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU httpd 2.4.53 9.8 CRITICAL Released CLSA-2024:1724706840 2024-08-26 17:31:06
CentOS 6 ELS httpd 2.2.15 9.8 CRITICAL Not Vulnerable 2024-08-02 08:40:22
CentOS 7 ELS httpd 2.4.6 9.8 CRITICAL Released CLSA-2024:1722003981 2024-08-13 14:28:23
CentOS 8.4 ELS httpd 2.4.37 9.8 CRITICAL Released CLSA-2024:1724351412 2024-08-22 17:30:25
CentOS 8.5 ELS httpd 2.4.37 9.8 CRITICAL Released CLSA-2024:1724351427 2024-08-22 17:30:21
CentOS Stream 8 ELS httpd 2.4.37 9.8 CRITICAL Released CLSA-2024:1724351166 2024-08-22 14:29:27
CloudLinux 6 ELS httpd 2.2.15 9.8 CRITICAL Not Vulnerable 2024-08-02 08:40:22
CloudLinux 7 ELS httpd 2.4.6 9.8 CRITICAL Released CLSA-2024:1724788700 2024-09-09 12:17:50
Oracle Linux 6 ELS httpd 2.2.15 9.8 CRITICAL Not Vulnerable 2024-08-02 08:40:22
Ubuntu 16.04 ELS apache2 2.4.18 9.8 CRITICAL Released CLSA-2024:1725012024 2024-08-30 12:15:12
Total: 11