CVE-2023-38709 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
apache	CNA	---				---
CISA-ADP	ADP	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
apache	http_server	𝑥 < 2.4.59
debian	debian_linux	10.0
broadcom	fabric_operating_system	-
apple	macos	𝑥 < 14.6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

apache2

bullseye	2.4.62-1~deb11u1 fixed
bullseye (security)	2.4.62-1~deb11u2 fixed
bookworm	2.4.62-1~deb12u2 fixed
bookworm (security)	2.4.62-1~deb12u2 fixed
sid	2.4.62-3 fixed
trixie	2.4.62-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

apache2

oracular	Fixed 2.4.58-1ubuntu8.1 released
noble	Fixed 2.4.58-1ubuntu8.1 released
mantic	Fixed 2.4.57-2ubuntu2.4 released
jammy	Fixed 2.4.52-1ubuntu4.9 released
focal	Fixed 2.4.41-4ubuntu3.17 released
bionic	Fixed 2.4.29-1ubuntu4.27+esm2 released
xenial	Fixed 2.4.18-2ubuntu3.17+esm12 released
trusty	ignored

Common Weakness Enumeration

CWE-1284 - Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Vulnerability Media Exposure

[GERMAN] Apache HTTP Server: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um einen Denial of Service Angriff durchzuführen, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um Dateien zu manipulieren.
Published: 2025-07-10T22:00:00+00:00

References

http://seclists.org/fulldisclosure/2024/Jul/18

http://www.openwall.com/lists/oss-security/2024/04/04/3

https://httpd.apache.org/security/vulnerabilities_24.html

https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/

https://security.netapp.com/advisory/ntap-20240415-0013/

https://support.apple.com/kb/HT214119

http://seclists.org/fulldisclosure/2024/Jul/18

http://www.openwall.com/lists/oss-security/2024/04/04/3

https://httpd.apache.org/security/vulnerabilities_24.html

https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/

https://security.netapp.com/advisory/ntap-20240415-0013/

https://support.apple.com/kb/HT214119