CVE-2024-42516
EUVD-2024-5477510.07.2025, 17:15
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | 2.4.0 ≤ 𝑥 < 2.4.64 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| apache2 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| apache2 |
| ||||||||||||||||||||||||||||
| apache2-devel |
| ||||||||||||||||||||||||||||
| apache2-doc |
| ||||||||||||||||||||||||||||
| apache2-example-pages |
| ||||||||||||||||||||||||||||
| apache2-prefork |
| ||||||||||||||||||||||||||||
| apache2-tls13 |
| ||||||||||||||||||||||||||||
| apache2-tls13-devel |
| ||||||||||||||||||||||||||||
| apache2-tls13-doc |
| ||||||||||||||||||||||||||||
| apache2-tls13-example-pages |
| ||||||||||||||||||||||||||||
| apache2-tls13-prefork |
| ||||||||||||||||||||||||||||
| apache2-tls13-utils |
| ||||||||||||||||||||||||||||
| apache2-tls13-worker |
| ||||||||||||||||||||||||||||
| apache2-utils |
| ||||||||||||||||||||||||||||
| apache2-worker |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| httpd |
| ||||
| httpd-core |
| ||||
| httpd-core-debuginfo |
| ||||
| httpd-debuginfo |
| ||||
| httpd-debugsource |
| ||||
| httpd-devel |
| ||||
| httpd-filesystem |
| ||||
| httpd-manual |
| ||||
| httpd-tools |
| ||||
| httpd-tools-debuginfo |
| ||||
| mod_ldap |
| ||||
| mod_ldap-debuginfo |
| ||||
| mod_lua |
| ||||
| mod_lua-debuginfo |
| ||||
| mod_md |
| ||||
| mod_proxy_html |
| ||||
| mod_proxy_html-debuginfo |
| ||||
| mod_session |
| ||||
| mod_session-debuginfo |
| ||||
| mod_ssl |
| ||||
| mod_ssl-debuginfo |
|
Azure Linux Releases
Common Weakness Enumeration