PT-2024-6069 · Apache+10 · Apache HTTP Server+10

Orange_8361 · Published 2024-04-01 · Updated 2026-05-28 · CVE-2024-38473

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.4.59 and earlier

Description

The issue is an encoding problem in the mod_proxy component of the Apache HTTP Server. It can allow an attacker to have request URLs with incorrect encoding sent to backend services, potentially bypassing authentication via crafted requests. This could enable a remote attacker to access confidential data and cause a denial of service.

Recommendations

For Apache HTTP Server versions 2.4.59 and earlier, upgrade to version 2.4.60, which fixes this issue.

Exploit · Fix · DoS · SSRF

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

ALSA-2024:4720
ALSA-2024:4726
ALSA-2024_4720
ALSA-2024_4726
ALT-PU-2024-10005
ALT-PU-2024-10192
ALT-PU-2024-10223
ALT-PU-2024-9738
AZL-43065
AZL-43133
BDU:2024-05354
BDU:2024-06893
BIT-APACHE-2024-38473
CESA-2024_4720
CVE-2024-38473
DSA-5729-1
ELSA-2024-4720
ELSA-2024-4726
INFSA-2024_4720
INFSA-2024_4726
MGASA-2024-0258
OESA-2024-2051
OPENSUSE-SU-2024:14116-1
OPENSUSE-SU-2024_3172-1
OPENSUSE-SU-2024_3173-1
RHSA-2024:4720
RHSA-2024:4726
RHSA-2024:5001
RHSA-2024:5239
RHSA-2024_4720
RHSA-2024_4726
RLSA-2024:4726
RLSA-2024_4720
RLSA-2024_4726
SUSE-SU-2024:2997-1
SUSE-SU-2024:2999-1
SUSE-SU-2024:3172-1
SUSE-SU-2024:3173-1
SUSE-SU-2024_2997-1
SUSE-SU-2024_2999-1
SUSE-SU-2024_3172-1
SUSE-SU-2024_3173-1
USN-6885-1
USN-6885-2
USN-6885-4
USN-6885-6
USN-8338-1

Affected Products

ALT Linux
AlmaLinux
Apache HTTP Server
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu