CVE-2024-24795 - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject

CVE-2024-24795

Summary

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

References

https://httpd.apache.org/security/vulnerabilities_24.html

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

03-10-2024 - 13:15

Published

04-04-2024 - 20:15

Last modified

03-10-2024 - 13:15