PT-2024-4677 · Apache +10 · Apache HTTP Server +10

Orange Tsai +1 · Published 2024-04-01 · Updated 2026-05-28 · CVE-2024-38477

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.59 and earlier
Description: A null pointer dereference in the mod_proxy module of Apache HTTP Server allows a remote attacker to crash the server with a malicious request, causing a denial of service.
Recommendations: For Apache HTTP Server versions 2.4.59 and earlier, upgrade to version 2.4.60, which fixes this issue. As a temporary workaround, consider restricting access to the mod_proxy module to minimize the risk of exploitation.

Fix

DoS

Improper Resource Release

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2024:4720
ALSA-2024:4726
ALT-PU-2024-10005
ALT-PU-2024-10192
ALT-PU-2024-10223
ALT-PU-2024-9738
BDU:2024-05194
BDU:2024-05195
BIT-APACHE-2024-38477
CESA-2024_4720
CVE-2024-38477
DSA-5729-1
INFSA-2024_4720
INFSA-2024_4726
MGASA-2024-0258
OESA-2024-1852
OESA-2024-1853
OESA-2024-1854
OESA-2024-1855
OESA-2024-1856
OPENSUSE-SU-2024:14116-1
RHSA-2024:4719
RHSA-2024:4720
RHSA-2024:4726
RHSA-2024:4820
RHSA-2024:4827
RHSA-2024:4830
RHSA-2024:4862
RHSA-2024:4863
RHSA-2024:4938
RHSA-2024:4943
RHSA-2024:5239
RHSA-2024_4720
RHSA-2024_4726
RLSA-2024:4726
ROSA-SA-2024-2515
SUSE-SU-2024:2405-1
SUSE-SU-2024:2436-1
SUSE-SU-2024:2624-1
SUSE-SU-2024_2405-1
SUSE-SU-2025:02241-1
SUSE-SU-2025_02241-1
USN-6885-1
USN-6885-2
USN-6885-3
USN-6885-4
USN-6885-6
USN-8338-1

Affected Products

ALT Linux
AlmaLinux
Apache HTTP Server
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu