Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-38473

Опубликовано: 01 июл. 2024
Источник: debian
EPSS Высокий

Описание

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache2fixed2.4.60-1package

Примечания

  • https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38473

  • https://github.com/apache/httpd/pull/457

  • https://github.com/apache/httpd/pull/458

  • Fixed by [1/4] https://github.com/apache/httpd/commit/b10cb2d69184843832d501a615abe3e8e5e256dc

  • Fixed by [2/4] https://github.com/apache/httpd/commit/6b8e043ce4f27114e6ae1b8176b629b7cb3fbbce

  • Fixed by [3/4] https://github.com/apache/httpd/commit/cc00cf6b4e37370897daddc307bf1deecf8fedfa

  • Fixed by [4/4] https://github.com/apache/httpd/commit/4326d6b9041a3bcb9b529f9163d0761c2d760700

  • Regression [1/2] bug apache: https://bz.apache.org/bugzilla/show_bug.cgi?id=69160

  • Regression [1/2] related to https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2073515

  • Regression [1/2] tracked at debian bug: https://bugs.debian.org/1076554

  • Regression [1/2] Fix: https://github.com/apache/httpd/commit/2f2f82a2225c5c3b6bb2fa4056541682e34763d4

  • Regression [2/2] bug apache: https://bz.apache.org/bugzilla/show_bug.cgi?id=69203

  • Regression [2/2] tracked at https://bugs.debian.org/1079171

EPSS

Процентиль: 99%
0.81196
Высокий

Связанные уязвимости

ubuntu логотип

CVE-2024-38473

CVSS3: 8.1
ubuntu
около 1 года назад

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

redhat логотип

CVE-2024-38473

CVSS3: 5.3
redhat
около 1 года назад

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

nvd логотип

CVE-2024-38473

CVSS3: 8.1
nvd
около 1 года назад

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

msrc логотип

CVE-2024-38473

CVSS3: 8.1
msrc
около 1 года назад

Описание отсутствует

github логотип

GHSA-hrh5-4ffc-228q

CVSS3: 8.1
github
около 1 года назад

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

EPSS

Процентиль: 99%
0.81196
Высокий