CVE-2024-38473

🗓️ 01 Jul 2024 18:14:21Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 995 Views🌐 WEB

Apache HTTP Server mod_proxy encoding bypass

Reporter	Title	Published	Views	Family All 192
GithubExploit	Exploit for Improper Encoding or Escaping of Output in Apache Http_Server	23 Aug 202414:39	–	githubexploit
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server	29 Jul 202414:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker obtaining sensitive information, bypassing security restrictions, and a server-side request forgery due to multiple vulnerabilities.	8 Dec 202414:16	–	ibm
IBM Security Bulletins	Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.	22 May 202521:25	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38473) affects Power HMC.	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573]	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability with Apache HTTP, OpendJDK, python3 and spring-web affect IBM Cloud Object Storage Systems (Sept 2024v1)	19 Sep 202403:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps	15 Apr 202503:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to bypass security restrictions CVE-2024-38473	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server.	26 Jul 202413:13	–	ibm

NVD

Vulners

Vulnrichment

Node

apache http_serverRange2.4.0–2.4.60

Node

netapp ontapMatch9

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache HTTP Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.4.59",
        "status": "affected",
        "version": "2.4.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
httpd	www.httpd.apache.org/security/vulnerabilities_24.html
security	www.security.netapp.com/advisory/ntap-20240712-0001/
openwall	www.openwall.com/lists/oss-security/2024/07/01/6

Parameter	Position	Path	Description	CWE
admin.php%3fooo.php	path	admin.php%3fooo.php	Bypass ACLs via filename confusion by sending a request where the filename portion includes a ? to trigger incorrect interpretation and reach a protected PHP file.	CWE-116
index.php	path	index.php	Identify presence of index.php as part of vulnerability assessment flow.	CWE-116
index.html	path	index.html	Identify presence of index.html as part of vulnerability assessment flow.	CWE-116
index.htm	path	index.htm	Identify presence of index.htm as part of vulnerability assessment flow.	CWE-116
info.php	path	info.php	Test accessible PHP info page in testing environment to verify server behavior.	CWE-116

17 Jun 2026 07:40Current

8.8High risk

Vulners AI Score8.8

CVSS 3.18.1

EPSS0.25878

SSVC

CWE-116