HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
History

Fri, 22 Nov 2024 12:00:00 +0000


Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Tue, 12 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-444
Metrics cvssV3_1

{'score': 4.0, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}


Thu, 03 Oct 2024 13:45:00 +0000


Thu, 03 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-04-04T19:20:48.803Z

Updated: 2024-11-12T19:48:20.007Z

Reserved: 2024-01-31T13:49:58.441Z

Link: CVE-2024-24795

cve-icon Vulnrichment

Updated: 2024-08-01T23:28:12.660Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-04T20:15:08.663

Modified: 2024-11-21T08:59:43.633

Link: CVE-2024-24795

cve-icon Redhat

Severity : Low

Publid Date: 2024-04-04T00:00:00Z

Links: CVE-2024-24795 - Bugzilla