Lucene search
+L

14 matches found

CVE
CVE
added 2024/07/01 6:15 p.m.9536 views

CVE-2024-38476

CVE-2024-38476 concerns Apache HTTP Server 2.4.59 and earlier where backend applications emitting malicious or exploitable response headers can lead to information disclosure, SSRF, or local script execution via internal redirects. The connected advisories confirm the issue affects httpd/core beh...

9.8CVSS6.2AI score0.41611EPSS
CVE
CVE
added 2024/04/04 7:19 p.m.4958 views

CVE-2023-38709

CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...

7.3CVSS7.1AI score0.03914EPSS
CVE
CVE
added 2024/07/04 8:36 a.m.4142 views

CVE-2024-39884

CVE-2024-39884 affects Apache HTTP Server (notably 2.4.60 and older) where legacy content-type based configuration (e.g., AddType) could cause source code disclosure for indirectly requested files, potentially exposing local content (e.g., PHP scripts being served). Affected vendors consistently ...

6.2CVSS7.4AI score0.00889EPSS
CVE
CVE
added 2024/04/04 7:20 p.m.3879 views

CVE-2024-24795

CVE-2024-24795 (httpd) describes HTTP response splitting in multiple Apache HTTP Server modules when malicious response headers can be injected into backend applications, enabling HTTP desynchronization. The vulnerability is mitigated by upgrading to Apache HTTP Server 2.4.59, as indicated across...

6.3CVSS7AI score0.02874EPSS
CVE
CVE
added 2024/07/01 6:10 p.m.3224 views

CVE-2024-36387

CVE-2024-36387 affects the Apache httpd mod_http2 component: when serving WebSocket protocol upgrades over HTTP/2, it can trigger a NULL pointer dereference and crash the server, degrading performance (DoS). Connected advisories indicate patches across distributions (e.g., Debian security update ...

5.4CVSS6.4AI score0.01715EPSS
CVE
CVE
added 2024/07/01 6:14 p.m.3048 views

CVE-2024-38474

CVE-2024-38474 affects Apache HTTP Server’s mod_rewrite: substitutions that capture and substitute unsafely can be mis-encoded, enabling unintended access paths. The issue is fixed by upgrading to Apache HTTP Server 2.4.60 (and related advisories note versions 2.4.61+ as subsequent fixes). Connec...

9.8CVSS9.8AI score0.02456EPSS
CVE
CVE
added 2024/04/04 7:21 p.m.2688 views

CVE-2024-27316

CVE-2024-27316 affects the mod_http2 component used with Apache httpd; the issue occurs when HTTP/2 headers exceed the configured limit, causing nghttp2 to buffer headers and potentially leading to memory exhaustion if the client continues sending headers. Connected sources identify affected pack...

7.5CVSS7.2AI score0.91327EPSS
CVE
CVE
added 2024/07/18 9:32 a.m.2017 views

CVE-2024-40898

The CVE-2024-40898 entry describes an SSRF vulnerability in Apache HTTP Server on Windows when using mod_rewrite in the server/vhost context. The issue can allow leaking NTLM hashes to a malicious server via crafted requests. Affected software is Apache HTTP Server; the remediation is to upgrade ...

9.1CVSS7.4AI score0.01536EPSS
CVE
CVE
added 2024/07/01 6:15 p.m.1852 views

CVE-2024-38475

CVE-2024-38475 affects Apache HTTP Server 2.4.59 and earlier, where improper escaping of output in mod_rewrite can map URLs to filesystem locations that are served but not directly reachable, enabling remote code execution or source code disclosure. The issue also involves substitutions in server...

9.1CVSS9.7AI score0.99957EPSS
In wild
CVE
CVE
added 2024/07/01 6:16 p.m.1254 views

CVE-2024-38477

CVE-2024-38477 affects Apache HTTP Server 2.4.59 and earlier. The issue is a null pointer dereference in mod_proxy triggered by a malicious request, which can crash the server (Denial of Service). The published remediation is to upgrade to Apache HTTP Server 2.4.60, which fixes the issue. The CVE...

7.5CVSS8.7AI score0.03153EPSS
CVE
CVE
added 2024/07/01 6:14 p.m.1020 views

CVE-2024-38473

The CVE-2024-38473 issue affects Apache HTTP Server (mod_proxy) in versions up to 2.4.59, where improper/encoded request URL handling can allow requests to reach backends and potentially bypass authentication. Public references and advisories state the vulnerability arises from encoding problems ...

8.1CVSS8.8AI score0.25878EPSS
CVE
CVE
added 2024/07/01 6:16 p.m.892 views

CVE-2024-39573

The CVE-2024-39573 entry corresponds to Apache HTTP Server mod_rewrite/mod_proxy SSRF-related risk and is confirmed by connected sources reporting the issue in Apache httpd 2.4.59 and earlier, with a fix in 2.4.60 (and later 2.4.61 in later advisories). Root cause: unsafe RewriteRules/Substitutio...

7.5CVSS8.5AI score0.35447EPSS
CVE
CVE
added 2024/07/01 6:12 p.m.865 views

CVE-2024-38472

CVE-2024-38472 : Apache HTTP Server on Windows is vulnerable to server-side request forgery (SSRF) that could leak NTLM hashes to a malicious server via crafted requests, due to improper validation of Windows UNC/UNC paths. The issue is addressed by upgrading to Apache HTTP Server 2.4.60 (as note...

7.5CVSS8.2AI score0.6795EPSS
CVE
CVE
added 2024/07/18 9:32 a.m.373 views

CVE-2024-40725

CVE-2024-40725 affects Apache HTTP Server core (httpd) and arises from a partial fix for CVE-2024-39884 in 2.4.61 that can leak local content when legacy content-type based configuration (AddType and similar) is used, potentially serving PHP scripts as source code under indirect requests. The iss...

5.3CVSS7.4AI score0.04134EPSS