PT-2023-9026 · Apache+11 · Apache Http Server+11

Yeto · Published 2023-09-06 · Updated 2026-05-28 · CVE-2024-24795

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.59

Description: The issue is related to HTTP response splitting in multiple modules in Apache HTTP Server, which allows an attacker to inject malicious response headers into backend applications, causing an HTTP desynchronization attack. This can be exploited by a remote attacker.

Recommendations: Upgrade to version 2.4.59, which fixes this issue. As a temporary workaround, consider restricting access to vulnerable modules to minimize the risk of exploitation.

Exploit

Fix

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

ALSA-2024:9306
ALT-PU-2024-5986
ALT-PU-2024-5990
ALT-PU-2024-6193
ALT-PU-2024-6194
AZL-39997
AZL-40040
BDU:2024-03102
BIT-APACHE-2024-24795
CVE-2024-24795
DLA-3818-1
DLA-3819-1
DLA-4158-1
DSA-5662-1
INFSA-2024_9306
MGASA-2024-0118
OESA-2024-1553
OPENSUSE-SU-2024:14463-1
OPENSUSE-SU-2024_1963-1
OPENSUSE-SU-2024_3853-1
OPENSUSE-SU-2024_3861-1
RHSA-2024:9306
RHSA-2024_9306
RHSA-2025:3452
RLSA-2024:9306
SUSE-SU-2024:1627-1
SUSE-SU-2024:1788-1
SUSE-SU-2024:1868-1
SUSE-SU-2024:1963-1
SUSE-SU-2024:3853-1
SUSE-SU-2024:3861-1
USN-6729-1
USN-6729-2
USN-6729-3
USN-8338-1

Affected Products

ALT Linux
AlmaLinux
Apache HTTP Server
Astra Linux
Debian
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu