Description
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: Low
Affected products
References
- MISC: https://httpd.apache.org/security/vulnerabilities_24.html
- MISC: https://security.netapp.com/advisory/ntap-20240415-0013/
- MAILING_LIST: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
- MAILING_LIST: http://www.openwall.com/lists/oss-security/2024/04/04/3
- MAILING_LIST: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
- MAILING_LIST: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
- MAILING_LIST: https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
- VENDOR_ADVISORY: https://support.apple.com/kb/HT214119
- MAILING_LIST: http://seclists.org/fulldisclosure/2024/Jul/18