Apache HTTP Server is vulnerable to HTTP Response splitting. The vulnerability is due to inadequate handling of malicious response headers, allowing an attacker to inject headers into backend applications and cause an HTTP desynchronization attack.
seclists.org/fulldisclosure/2024/Jul/18
www.openwall.com/lists/oss-security/2024/04/04/5
httpd.apache.org/security/vulnerabilities_24.html
lists.debian.org/debian-lts-announce/2024/05/msg00013.html
lists.debian.org/debian-lts-announce/2024/05/msg00014.html
lists.fedoraproject.org/archives/list/[email protected]/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
lists.fedoraproject.org/archives/list/[email protected]/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
lists.fedoraproject.org/archives/list/[email protected]/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/main.yaml
secdb.alpinelinux.org/v3.19/main.yaml
security.netapp.com/advisory/ntap-20240415-0013/
support.apple.com/kb/HT214119