CVE-2024-36387

🗓️ 01 Jul 2024 19:03:15Reported by apacheType

Null pointer dereference on WebSocket protocol upgrade over HTTP/2

Reporter	Title	Published	Views	Family All 69
CNVD	Apache HTTP Server Null Pointer Dereference Vulnerability	5 Jul 202400:00	–	cnvd
Tenable Nessus	CBL Mariner 2.0 Security Update: httpd (CVE-2024-36387)	20 Jul 202400:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: httpd (CVE-2024-36387)	10 Feb 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : mod_http2 (ALSA-2024:8680)	4 Nov 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : mod_http2 (ALAS2023-2024-689)	6 Aug 202400:00	–	nessus
Tenable Nessus	RockyLinux 9 : mod_http2 (RLSA-2024:8680)	8 Nov 202400:00	–	nessus
Tenable Nessus	Fedora 40 : mod_http2 (2024-cb8acbf644)	27 Jul 202400:00	–	nessus
Tenable Nessus	Fedora 39 : mod_http2 (2024-661bb6322d)	27 Jul 202400:00	–	nessus
Tenable Nessus	Oracle Linux 9 : mod_http2 (ELSA-2024-8680)	31 Oct 202400:00	–	nessus
Tenable Nessus	RHEL 9 : mod_http2 (RHSA-2024:8680)	31 Oct 202400:00	–	nessus

Vulners

Node

apache apache_http_serverRange2.4.55–2.4.59

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache HTTP Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.4.59",
        "status": "affected",
        "version": "2.4.55",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
httpd	www.httpd.apache.org/security/vulnerabilities_24.html
security	www.security.netapp.com/advisory/ntap-20240712-0001/
openwall	www.openwall.com/lists/oss-security/2024/07/01/4

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Jul 2024 19:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS35.4

EPSS0.00043

SSVC

CWE-476