{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-38476", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-06-17T11:10:56.470Z", "datePublished": "2024-07-01T18:15:40.071Z", "dateUpdated": "2024-10-29T16:42:18.129Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.4.59", "status": "affected", "version": "2.4.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Orange Tsai (@orange_8361) from DEVCORE"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">backend applications whose response headers are malicious or exploitable.</span><br><br>Users are recommended to upgrade to version 2.4.60, which fixes this issue."}], "value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via\u00a0backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-829", "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-07-01T18:15:40.071Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2024-04-01T12:00:00.000Z", "value": "reported"}], "title": "Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "apache", "product": "http_server", "cpes": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.4.59", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-29T03:55:12.524796Z", "id": "CVE-2024-38476", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T16:42:18.129Z"}}, {"title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/01/9"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-13T17:04:57.387Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/01/9"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-13T17:04:57.387Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-38476", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-29T03:55:12.524796Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"], "vendor": "apache", "product": "http_server", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.59"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T18:27:00.765Z"}}], "cna": {"title": "Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Orange Tsai (@orange_8361) from DEVCORE"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "important"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache HTTP Server", "versions": [{"status": "affected", "version": "2.4.0", "versionType": "semver", "lessThanOrEqual": "2.4.59"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-04-01T12:00:00.000Z", "value": "reported"}], "references": [{"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via\u00a0backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">backend applications whose response headers are malicious or exploitable.</span><br><br>Users are recommended to upgrade to version 2.4.60, which fixes this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-829", "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-07-01T18:15:40.071Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38476", "state": "PUBLISHED", "dateUpdated": "2024-10-29T16:42:18.129Z", "dateReserved": "2024-06-17T11:10:56.470Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-07-01T18:15:40.071Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADFAFBE0-CE34-4E39-A748-63D487842DB1", "versionEndIncluding": "2.4.60", "versionStartIncluding": "2.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3ED302E-F464-40DE-A976-FD518E42D95D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via\u00a0backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue."}, {"lang": "es", "value": "La vulnerabilidad en el n\u00facleo de Apache HTTP Server 2.4.59 y versiones anteriores es vulnerable a la divulgaci\u00f3n de informaci\u00f3n, SSRF o ejecuci\u00f3n de scripts locales a trav\u00e9s de aplicaciones backend cuyos encabezados de respuesta son maliciosos o explotables. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.4.60, que soluciona este problema."}], "id": "CVE-2024-38476", "lastModified": "2024-10-29T17:35:06.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-01T19:15:04.977", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240712-0001/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-829"}], "source": "security@apache.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-httpd-0:2.4.57-13.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_http2-0:1.15.19-41.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_jk-0:1.2.49-11.redhat_1.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_md-1:2.4.24-11.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-8.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_security-0:2.9.3-40.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.57-13.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_http2-0:1.15.19-41.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.49-11.redhat_1.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_md-1:2.4.24-11.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_proxy_cluster-0:1.3.20-8.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5239", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.3-40.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:6584", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "httpd-0:2.4.6-90.el7_7.5", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:7101", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "httpd-0:2.4.6-99.el7_9.3", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-09-25T00:00:00Z"}, {"advisory": "RHSA-2024:5193", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "httpd:2.4-8100020240807144746.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-12T00:00:00Z"}, {"advisory": "RHSA-2024:6583", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "httpd:2.4-8020020240821201937.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6467", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "httpd:2.4-8040020240821201239.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6467", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "httpd:2.4-8040020240821201239.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6467", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "httpd:2.4-8040020240821201239.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6468", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "httpd:2.4-8060020240820194205.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6468", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "httpd:2.4-8060020240820194205.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6468", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "httpd:2.4-8060020240820194205.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-09-09T00:00:00Z"}, {"advisory": "RHSA-2024:6136", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "httpd:2.4-8080020240820193327.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:5138", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "httpd-0:2.4.57-11.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5832", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "httpd-0:2.4.51-7.el9_0.8", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:5812", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "httpd-0:2.4.53-11.el9_2.11", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-26T00:00:00Z"}, {"advisory": "RHSA-2024:5240", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "jbcs-httpd24-httpd", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2024-08-13T00:00:00Z"}], "bugzilla": {"description": "httpd: Security issues via\u00a0backend applications whose response headers are malicious or exploitable", "id": "2295015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295015"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-829", "details": ["Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via\u00a0backend applications whose response headers are malicious or exploitable.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.", "A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2024-38476", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Affected", "package_name": "httpd", "product_name": "Red Hat JBoss Core Services"}], "public_date": "2024-07-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38476\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38476\nhttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476"], "statement": "This flaw can only be exploited by backend applications via malicious or exploitable response headers. For this reason, this flaw was rated with an important and not critical severity.\nRed Hat Enterprise Linux 6 is not affected by this vulnerability because the vulnerable code was introduced in a newer version of httpd.", "threat_severity": "Important"}