HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Wed, 13 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:9 | |
Vendors & Products |
Redhat
Redhat enterprise Linux |
Tue, 12 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-444 | |
Metrics |
cvssV3_1
|
cvssV3_1
|
Thu, 03 Oct 2024 13:45:00 +0000
Thu, 03 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-04-04T19:20:48.803Z
Updated: 2024-11-12T19:48:20.007Z
Reserved: 2024-01-31T13:49:58.441Z
Link: CVE-2024-24795
Vulnrichment
Updated: 2024-08-01T23:28:12.660Z
NVD
Status : Awaiting Analysis
Published: 2024-04-04T20:15:08.663
Modified: 2024-11-21T08:59:43.633
Link: CVE-2024-24795
Redhat