Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-38476

Опубликовано: 01 июл. 2024
Источник: debian
EPSS Низкий

Описание

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache2fixed2.4.60-1package

Примечания

  • https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476

  • Fixed by https://github.com/apache/httpd/commit/925b6f0ceb8983a11662b5f3a6f2fa75860c2cde (trunk)

  • Fixed by https://github.com/apache/httpd/commit/554554b0ebb14d6578adb70a389c57a0d5f18a3b (2.4.60)

  • (or https://svn.apache.org/viewvc?view=revision&revision=1918560)

  • see also regression CVE-2024-39884 and CVE-2024-40725

EPSS

Процентиль: 86%
0.03061
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-38476

CVSS3: 9.8
ubuntu
больше 1 года назад

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

redhat логотип

CVE-2024-38476

CVSS3: 9.1
redhat
больше 1 года назад

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

nvd логотип

CVE-2024-38476

CVSS3: 9.8
nvd
больше 1 года назад

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

suse-cvrf логотип

SUSE-SU-2024:2560-1

suse-cvrf
больше 1 года назад

Security update for apache2

rocky логотип

RLSA-2024:5138

rocky
около 1 года назад

Important: httpd security update

EPSS

Процентиль: 86%
0.03061
Низкий