CVE-2023-38709

EUVD-2023-42484
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
apachehttp_server
𝑥
< 2.4.59
debiandebian_linux
10.0
broadcomfabric_operating_system
-
applemacos
𝑥
< 14.6
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
apachehttp_server
𝑥
≤ 2.4.58
ADP
Debian logo
Debian Releases
Debian Product
Codename
apache2
bookworm
2.4.62-1~deb12u2
fixed
bookworm (security)
2.4.62-1~deb12u2
fixed
bullseye
2.4.62-1~deb11u1
fixed
bullseye (security)
2.4.62-1~deb11u2
fixed
sid
2.4.62-3
fixed
trixie
2.4.62-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apache2
bionic
Fixed 2.4.29-1ubuntu4.27+esm2
released
focal
Fixed 2.4.41-4ubuntu3.17
released
jammy
Fixed 2.4.52-1ubuntu4.9
released
mantic
Fixed 2.4.57-2ubuntu2.4
released
noble
Fixed 2.4.58-1ubuntu8.1
released
oracular
Fixed 2.4.58-1ubuntu8.1
released
trusty
ignored
xenial
Fixed 2.4.18-2ubuntu3.17+esm12
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
apache2
suse enterprise desktop 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise desktop 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise desktop 15 SP7
2.4.62-150700.2.2
fixed
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise sap 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.2.2
fixed
suse enterprise server 12 SP3
2.4.23-29.103.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.2.2
fixed
apache2-devel
suse enterprise sap 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.2.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.2.1
fixed
apache2-doc
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise sap 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise sap 15 SP6
2.4.51-150400.6.17.1
fixed
suse enterprise sap 15 SP7
2.4.51-150400.6.17.1
fixed
suse enterprise server 12 SP3
2.4.23-29.103.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP6
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP7
2.4.51-150400.6.17.1
fixed
apache2-example-pages
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 12 SP3
2.4.23-29.103.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
apache2-prefork
suse enterprise desktop 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise desktop 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise desktop 15 SP7
2.4.62-150700.2.4
fixed
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise sap 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.2.4
fixed
suse enterprise server 12 SP3
2.4.23-29.103.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.2.4
fixed
apache2-tls13
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
apache2-tls13-doc
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
apache2-tls13-example-pages
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
apache2-tls13-prefork
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
apache2-tls13-utils
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
apache2-tls13-worker
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
apache2-utils
suse enterprise desktop 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise sap 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.2.4
fixed
suse enterprise server 12 SP3
2.4.23-29.103.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.2.4
fixed
apache2-worker
suse enterprise sap 12 SP5
2.4.51-35.41.1
fixed
suse enterprise sap 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise sap 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.2.4
fixed
suse enterprise server 12 SP3
2.4.23-29.103.1
fixed
suse enterprise server 12 SP5
2.4.51-35.41.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.62.1
fixed
suse enterprise server 15 SP4
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP5
2.4.51-150400.6.17.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.5.3.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.2.4
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
httpd
RHEL 9
0:2.4.62-1.el9
fixed
httpd-core
RHEL 9
0:2.4.62-1.el9
fixed
httpd-devel
RHEL 9
0:2.4.62-1.el9
fixed
httpd-filesystem
RHEL 9
0:2.4.62-1.el9
fixed
httpd-manual
RHEL 9
0:2.4.62-1.el9
fixed
httpd-tools
RHEL 9
0:2.4.62-1.el9
fixed
mod
RHEL 9
1:2.4.62-1.el9
fixed
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2024/Jul/18
http://www.openwall.com/lists/oss-security/2024/04/04/3
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
https://security.netapp.com/advisory/ntap-20240415-0013/
https://support.apple.com/kb/HT214119
http://seclists.org/fulldisclosure/2024/Jul/18
http://www.openwall.com/lists/oss-security/2024/04/04/3
http://www.openwall.com/lists/oss-security/2025/07/10/2
http://www.openwall.com/lists/oss-security/2025/07/10/3
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
https://security.netapp.com/advisory/ntap-20240415-0013/
https://support.apple.com/kb/HT214119