CVE-2024-42516
EUVD-2024-5477510.07.2025, 17:15
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | 2.4.0 ≤ 𝑥 < 2.4.64 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| apache2 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| apache2 |
| ||||||||||||||||||||||||||||
| apache2-devel |
| ||||||||||||||||||||||||||||
| apache2-doc |
| ||||||||||||||||||||||||||||
| apache2-example-pages |
| ||||||||||||||||||||||||||||
| apache2-prefork |
| ||||||||||||||||||||||||||||
| apache2-tls13 |
| ||||||||||||||||||||||||||||
| apache2-tls13-devel |
| ||||||||||||||||||||||||||||
| apache2-tls13-doc |
| ||||||||||||||||||||||||||||
| apache2-tls13-example-pages |
| ||||||||||||||||||||||||||||
| apache2-tls13-prefork |
| ||||||||||||||||||||||||||||
| apache2-tls13-utils |
| ||||||||||||||||||||||||||||
| apache2-tls13-worker |
| ||||||||||||||||||||||||||||
| apache2-utils |
| ||||||||||||||||||||||||||||
| apache2-worker |
|
Common Weakness Enumeration