HTTP Response splitting in multiple modules in Apache HTTP Server allows an
attacker that can inject malicious response headers into backend
applications to cause an HTTP desynchronization attack. Users are
recommended to upgrade to version 2.4.59, which fixes this issue.

Author | Note |
---|---|
leosilva | After this update, reports were made that the fossil package stopped working properly (LP: #2064509). |

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | apache2 | < 2.4.29-1ubuntu4.27+esm2 | UNKNOWN |
ubuntu | 20.04 | noarch | apache2 | < 2.4.41-4ubuntu3.17 | UNKNOWN |
ubuntu | 22.04 | noarch | apache2 | < 2.4.52-1ubuntu4.9 | UNKNOWN |
ubuntu | 23.10 | noarch | apache2 | < 2.4.57-2ubuntu2.4 | UNKNOWN |
ubuntu | 24.04 | noarch | apache2 | < 2.4.58-1ubuntu8.1 | UNKNOWN |
ubuntu | 14.04 | noarch | apache2 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | apache2 | < 2.4.18-2ubuntu3.17+esm12 | UNKNOWN |
httpd.apache.org/security/vulnerabilities_24.html
httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795
launchpad.net/bugs/cve/CVE-2024-24795
nvd.nist.gov/vuln/detail/CVE-2024-24795
security-tracker.debian.org/tracker/CVE-2024-24795
ubuntu.com/security/notices/USN-6729-1
ubuntu.com/security/notices/USN-6729-2
ubuntu.com/security/notices/USN-6729-3
www.cve.org/CVERecord?id=CVE-2024-24795
www.openwall.com/lists/oss-security/2024/04/04/5