Description
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
apache2 | fixed | 2.4.59-1 | | package |
uwsgi | unfixed | | | package |
Notes
https://www.openwall.com/lists/oss-security/2024/04/04/5
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795
https://github.com/apache/httpd/commit/a29723ce1af75eed0813c3717d3f6dee9b405ca8
The fix will trigger a regression in at least fossil, see https://bz.apache.org/bugzilla/show_bug.cgi?id=68905
https://fossil-scm.org/home/info/a8e33fb161f45b65 (version-2.24)
https://fossil-scm.org/home/info/71919ad1b542832c (version-2.24)
https://fossil-scm.org/home/info/f4ffefe708793b03 (version-2.24)
https://fossil-scm.org/home/info/5f47bb59a7846aeb (version-2.24)
uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
packages which are provided by src:apache2 itself.
https://github.com/unbit/uwsgi/issues/2635