Updated: 2025-11-10 00:24:49.506222
Description:
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | httpd | 2.4.53 | 7.5 | HIGH | Released | CLSA-2024:1724706840 | 2024-08-26 17:33:21 | |
| CentOS 6 ELS | httpd | 2.2.15 | 7.5 | HIGH | Not Vulnerable | 2024-07-25 14:25:29 | ||
| CentOS 7 ELS | httpd | 2.4.6 | 7.5 | HIGH | Released | CLSA-2024:1722003981 | 2024-08-13 14:30:36 | |
| CentOS 8.4 ELS | httpd | 2.4.37 | 7.5 | HIGH | Released | CLSA-2024:1724351412 | 2024-08-22 17:32:50 | |
| CentOS 8.5 ELS | httpd | 2.4.37 | 7.5 | HIGH | Released | CLSA-2024:1724351427 | 2024-08-22 17:32:49 | |
| CentOS Stream 8 ELS | httpd | 2.4.37 | 7.5 | HIGH | Released | CLSA-2024:1724351166 | 2024-08-22 14:31:48 | |
| CloudLinux 6 ELS | httpd | 2.2.15 | 7.5 | HIGH | Not Vulnerable | 2024-07-25 14:25:29 | ||
| CloudLinux 7 ELS | httpd | 2.4.6 | 7.5 | HIGH | Released | CLSA-2024:1724788700 | 2024-09-09 12:18:42 | |
| Debian 10 ELS | apache2 | 2.4.59 | 7.5 | HIGH | Released | CLSA-2025:1761747106 | 2025-10-29 21:11:17 | |
| Oracle Linux 6 ELS | httpd | 2.2.15 | 7.5 | HIGH | Not Vulnerable | 2024-07-25 14:25:30 |