Description
The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
apache2 | fixed | 2.4.60-1 | | package |
Notes
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476
Fixed by https://github.com/apache/httpd/commit/925b6f0ceb8983a11662b5f3a6f2fa75860c2cde (trunk)
Fixed by https://github.com/apache/httpd/commit/554554b0ebb14d6578adb70a389c57a0d5f18a3b (2.4.60)
(or https://svn.apache.org/viewvc?view=revision&revision=1918560)
see also regression CVE-2024-39884 and CVE-2024-40725