Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-38473

Опубликовано: 01 июл. 2024
Источник: ubuntu
Приоритет: medium
EPSS Высокий
CVSS3: 8.1

Описание

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

РелизСтатусПримечание
devel

released

2.4.62-1ubuntu1
esm-infra-legacy/trusty

needs-triage

esm-infra/bionic

needs-triage

esm-infra/focal

not-affected

2.4.41-4ubuntu3.19
esm-infra/xenial

needs-triage

focal

released

2.4.41-4ubuntu3.19
jammy

released

2.4.52-1ubuntu4.10
mantic

released

2.4.57-2ubuntu2.5
noble

released

2.4.58-1ubuntu8.2
oracular

released

2.4.62-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 99%
0.82303
Высокий

8.1 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-38473

CVSS3: 5.3
redhat
около 1 года назад

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

nvd логотип

CVE-2024-38473

CVSS3: 8.1
nvd
около 1 года назад

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

msrc логотип

CVE-2024-38473

CVSS3: 8.1
msrc
около 1 года назад

Описание отсутствует

debian логотип

CVE-2024-38473

CVSS3: 8.1
debian
около 1 года назад

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier ...

github логотип

GHSA-hrh5-4ffc-228q

CVSS3: 8.1
github
около 1 года назад

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

EPSS

Процентиль: 99%
0.82303
Высокий

8.1 High

CVSS3