CVE-2023-38709

Опубликовано: 04 апр. 2024

Источник: nvd

CVSS3: 7.3

EPSS Низкий

Описание

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.

Ссылки

http://seclists.org/fulldisclosure/2024/Jul/18
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/04/3
Mailing List
Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240415-0013/
Third Party Advisory
https://support.apple.com/kb/HT214119
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/18
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/04/04/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/07/10/2
http://www.openwall.com/lists/oss-security/2025/07/10/3
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240415-0013/
Third Party Advisory
https://support.apple.com/kb/HT214119
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия до 2.4.59 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*

cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия до 14.6 (исключая)

EPSS

Процентиль: 87%

0.03255

Низкий

7.3 High

CVSS3

Дефекты

CWE-1284

Связанные уязвимости

CVE-2023-38709

CVSS3: 7.3

ubuntu

почти 2 года назад

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

CVE-2023-38709

CVSS3: 6.8

redhat

почти 2 года назад

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

CVE-2023-38709

CVSS3: 7.3

msrc

около 1 года назад

Описание отсутствует

CVE-2023-38709

CVSS3: 7.3

debian

почти 2 года назад

Faulty input validation in the core of Apache allows malicious or expl ...

RLSA-2024:4197

rocky

больше 1 года назад

Moderate: httpd:2.4/httpd security update

EPSS

Процентиль: 87%

0.03255

Низкий

7.3 High

CVSS3

Дефекты

CWE-1284