Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-38477

HistoryJul 01, 2024 - 7:15 p.m.

CVE-2024-38477

2024-07-0119:15:05

Debian Security Bug Tracker

security-tracker.debian.org

apache http server

mod_proxy

null pointer

cve-2024-38477

fix

upgrade

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

OSVersionArchitecturePackageVersionFilename
Debian12allapache2<= 2.4.59-1~deb12u1apache2_2.4.59-1~deb12u1_all.deb
Debian11allapache2<= 2.4.59-1~deb11u1apache2_2.4.59-1~deb11u1_all.deb
Debian999allapache2< 2.4.60-1apache2_2.4.60-1_all.deb
Debian13allapache2<= 2.4.59-2apache2_2.4.59-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	apache2	<= 2.4.59-1~deb12u1	apache2_2.4.59-1~deb12u1_all.deb
Debian	11	all	apache2	<= 2.4.59-1~deb11u1	apache2_2.4.59-1~deb11u1_all.deb
Debian	999	all	apache2	< 2.4.60-1	apache2_2.4.60-1_all.deb
Debian	13	all	apache2	<= 2.4.59-2	apache2_2.4.59-2_all.deb