Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

GoogleOSV:CVE-2023-38709

HistoryApr 04, 2024 - 8:15 p.m.

Vulners
/
Osv
/
CVE-2023-38709

CVE-2023-38709

2024-04-0420:15:08

Google

osv.dev

apache

input validation

http responses

cve-2023-38709

software

AI Score

5.9

Confidence

High

EPSS

Percentile

10.3%

JSON

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.

References

seclists.org/fulldisclosure/2024/Jul/18

www.openwall.com/lists/oss-security/2024/04/04/3

httpd.apache.org/security/vulnerabilities_24.html

lists.debian.org/debian-lts-announce/2024/05/msg00013.html

lists.fedoraproject.org/archives/list/[email protected]/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/

lists.fedoraproject.org/archives/list/[email protected]/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/

lists.fedoraproject.org/archives/list/[email protected]/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/

security.alpinelinux.org/vuln/CVE-2023-38709

security.netapp.com/advisory/ntap-20240415-0013/

support.apple.com/kb/HT214119

debiancve 1

almalinux 1

osv 9

nessus 45

ubuntucve 1

cbl_mariner 2

nvd 1

rocky 1

veracode 1

hackerone 1

f5 1

redhatcve 1

oraclelinux 1

redhat 3

alpinelinux 1

cve 1

cvelist 1

vulnrichment 1

fedora 3

redos 1

ibm 9

openvas 34

amazon 1

ubuntu 3

kaspersky 1

slackware 1

mageia 1

debian 2

apple 1

oracle 1

debiancve

CVE-2023-38709

2024-04-04 20:15:08

almalinux

Moderate: httpd:2.4/httpd security update

2024-07-01 00:00:00

osv

Moderate: httpd:2.4/httpd security update

2024-07-02 14:10:24

Moderate: httpd:2.4/httpd security update

2024-07-01 00:00:00

BIT-apache-2023-38709

2024-04-06 18:17:43

nessus

Oracle Linux 8 : httpd:2.4/httpd (ELSA-2024-4197)

2024-07-01 00:00:00

AlmaLinux 8 : httpd:2.4/httpd (ALSA-2024:4197)

2024-07-02 00:00:00

CBL Mariner 2.0 Security Update: httpd (CVE-2023-38709)

2024-08-16 00:00:00

ubuntucve

CVE-2023-38709

2024-04-04 00:00:00

cbl_mariner

CVE-2023-38709 affecting package httpd for versions less than 2.4.59-1

2024-05-06 17:48:02

CVE-2023-38709 affecting package httpd for versions less than 2.4.61-1

2024-08-14 20:43:58

nvd

CVE-2023-38709

2024-04-04 20:15:08

rocky

httpd:2.4/httpd security update

2024-07-02 14:10:24

veracode

Improper Input Validation

2024-04-10 21:15:17

hackerone

Internet Bug Bounty: moderate: Apache HTTP Server: HTTP response splitting (CVE-2023-38709)

2024-07-03 06:52:53

K000139764: Apache HTTPD vulnerability CVE-2023-38709

2024-05-24 00:00:00

redhatcve

CVE-2023-38709

2024-04-04 19:32:04

oraclelinux

httpd:2.4/httpd security update

2024-07-01 00:00:00

redhat

(RHSA-2024:4197) Moderate: httpd:2.4/httpd security update

2024-07-01 07:48:37

(RHSA-2024:6927) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update

2024-09-24 11:41:11

(RHSA-2024:6928) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update

2024-09-24 11:47:15

alpinelinux

CVE-2023-38709

2024-04-04 20:15:08

cve

CVE-2023-38709

2024-04-04 20:15:08

cvelist

CVE-2023-38709 Apache HTTP Server: HTTP response splitting

2024-04-04 19:19:35

vulnrichment

CVE-2023-38709 Apache HTTP Server: HTTP response splitting

2024-04-04 19:19:35

fedora

[SECURITY] Fedora 40 Update: httpd-2.4.59-2.fc40

2024-04-19 21:45:00

[SECURITY] Fedora 39 Update: httpd-2.4.59-2.fc39

2024-05-03 01:33:21

[SECURITY] Fedora 38 Update: httpd-2.4.59-2.fc38

2024-05-04 02:19:58

redos

ROS-20240726-05

2024-07-26 00:00:00

ibm

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server in IBM Rational ClearQuest (CVE-2024-24795, CVE-2023-38709)

2024-04-22 11:02:48

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting attacks [CVE-2023-38709, CVE-2024-24795].

2024-07-22 20:53:59

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-38709, CVE-2024-24795)

2024-04-10 18:17:52

openvas

Fedora: Security Advisory (FEDORA-2024-937be154d8)

2024-05-27 00:00:00

Fedora: Security Advisory for httpd (FEDORA-2024-c2f6576348)

2024-05-27 00:00:00

Fedora: Security Advisory (FEDORA-2024-d0dccd6b96)

2024-05-27 00:00:00

amazon

Medium: httpd

2024-04-24 22:15:00

ubuntu

Apache HTTP Server vulnerabilities

2024-04-11 00:00:00

Apache HTTP Server vulnerabilities

2024-04-29 00:00:00

Apache HTTP Server vulnerabilities

2024-04-17 00:00:00

kaspersky

KLA65470 Multiple vulnerabilities in Apache HTTP Server

2024-04-04 00:00:00

slackware

[slackware-security] httpd

2024-04-04 19:16:44

mageia

Updated apache packages fix security vulnerabilities

2024-04-10 07:03:52

debian

[SECURITY] [DSA 5662-1] apache2 security update

2024-04-16 18:32:07

[SECURITY] [DLA 3818-1] apache2 security update

2024-05-25 11:06:45

apple

About the security content of macOS Sonoma 14.6

2024-07-29 00:00:00

oracle

Oracle Critical Patch Update Advisory - July 2024

2024-07-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

5.9

Confidence

High

EPSS

Percentile

10.3%

JSON

Related for OSV:CVE-2023-38709