csaf_certbund - wid-sec-w-2024-0801

wid-sec-w-2024-0801

Vulnerability from csaf_certbund

Published

2024-04-04 22:00

Modified

2024-11-21 23:00

Summary

Apache HTTP Server: Mehrere Schwachstellen ermöglichen Manipulation von Daten

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apache ist ein Webserver für verschiedene Plattformen.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um Daten zu manipulieren.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache ist ein Webserver f\u00fcr verschiedene Plattformen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0801 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0801.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0801 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0801"
      },
      {
        "category": "external",
        "summary": "Apache 2.4.59 Changes vom 2024-04-04",
        "url": "https://downloads.apache.org/httpd/CHANGES_2.4.59"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7147925 vom 2024-04-10",
        "url": "https://www.ibm.com/support/pages/node/7147925"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6729-1 vom 2024-04-11",
        "url": "https://ubuntu.com/security/notices/USN-6729-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5662 vom 2024-04-16",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00070.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7148492 vom 2024-04-17",
        "url": "https://www.ibm.com/support/pages/node/7148492"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-C2F6576348 vom 2024-04-18",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c2f6576348"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-937BE154D8 vom 2024-04-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-937be154d8"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6729-2 vom 2024-04-17",
        "url": "https://ubuntu.com/security/notices/USN-6729-2"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-D0DCCD6B96 vom 2024-04-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-d0dccd6b96"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7148975 vom 2024-04-22",
        "url": "https://www.ibm.com/support/pages/node/7148975"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6729-3 vom 2024-04-29",
        "url": "https://ubuntu.com/security/notices/USN-6729-3"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1627-1 vom 2024-05-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018514.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3818 vom 2024-05-25",
        "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000139764 vom 2024-05-24",
        "url": "https://my.f5.com/manage/s/article/K000139764"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3819 vom 2024-05-25",
        "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1788-1 vom 2024-05-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018605.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1963-1 vom 2024-06-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018665.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7158641 vom 2024-06-25",
        "url": "https://www.ibm.com/support/pages/node/7158641"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7159010 vom 2024-06-27",
        "url": "https://www.ibm.com/support/pages/node/7159010"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2532 vom 2024-06-28",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2532.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4197 vom 2024-07-01",
        "url": "https://access.redhat.com/errata/RHSA-2024:4197"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-4197 vom 2024-07-02",
        "url": "https://linux.oracle.com/errata/ELSA-2024-4197.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1868-1 vom 2024-07-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019070.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
        "url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "DELL Security Update for Dell PowerScale OneFS",
        "url": "https://www.dell.com/support/kbdoc/en-us/000228207/dsa-2024-346-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:6928 vom 2024-09-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:6928"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:6927 vom 2024-09-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:6927"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202409-31 vom 2024-09-28",
        "url": "https://security.gentoo.org/glsa/202409-31"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-423 vom 2024-10-11",
        "url": "https://www.dell.com/support/kbdoc/de-de/000235068/dsa-2024-423-security-update-for-dell-networker-and-networker-management-console-nmc-multiple-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7173018 vom 2024-10-14",
        "url": "https://www.ibm.com/support/pages/node/7173018"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3853-1 vom 2024-10-31",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GDIAJ27VL2K243BWSBUC7E6Y4HBYRCG7/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3861-1 vom 2024-11-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ZWV2MVSBRL4AIHT5O6LIOEUFMOC3TUBS/"
      },
      {
        "category": "external",
        "summary": "HCL Security Advisory",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0115052"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:9306 vom 2024-11-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:9306"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-017 vom 2024-11-21",
        "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache HTTP Server: Mehrere Schwachstellen erm\u00f6glichen Manipulation von Daten",
    "tracking": {
      "current_release_date": "2024-11-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-22T10:07:08.730+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-0801",
      "initial_release_date": "2024-04-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-04-08T22:00:00.000+00:00",
          "number": "2",
          "summary": "Bewertung angepasst"
        },
        {
          "date": "2024-04-10T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-04-11T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-04-17T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM, Fedora und Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-21T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-13T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-26T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Debian und F5 aufgenommen"
        },
        {
          "date": "2024-05-27T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-10T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-24T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-06-27T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-06-30T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-31T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-05T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-09-01T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-09-24T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-09-29T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2024-10-10T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-10-13T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-10-31T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-03T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2024-11-11T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-11-21T23:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von XEROX aufgenommen"
        }
      ],
      "status": "final",
      "version": "27"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.4.59",
                "product": {
                  "name": "Apache HTTP Server \u003c2.4.59",
                  "product_id": "T033904"
                }
              },
              {
                "category": "product_version",
                "name": "2.4.59",
                "product": {
                  "name": "Apache HTTP Server 2.4.59",
                  "product_id": "T033904-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:http_server:2.4.59"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "HTTP Server"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Dell NetWorker",
                "product": {
                  "name": "Dell NetWorker",
                  "product_id": "T024663",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c19.10.0.5",
                "product": {
                  "name": "Dell NetWorker \u003c19.10.0.5",
                  "product_id": "T038270"
                }
              },
              {
                "category": "product_version",
                "name": "19.10.0.5",
                "product": {
                  "name": "Dell NetWorker 19.10.0.5",
                  "product_id": "T038270-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:19.10.0.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          },
          {
            "category": "product_name",
            "name": "Dell PowerScale",
            "product": {
              "name": "Dell PowerScale",
              "product_id": "T034610",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:powerscale_onefs:onefs"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "17.1.0-17.1.1",
                "product": {
                  "name": "F5 BIG-IP 17.1.0-17.1.1",
                  "product_id": "T034899",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:17.1.0_-_17.1.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "16.1.0-16.1.4",
                "product": {
                  "name": "F5 BIG-IP 16.1.0-16.1.4",
                  "product_id": "T034901",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:16.1.0_-_16.1.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15.1.0-15.1.10",
                "product": {
                  "name": "F5 BIG-IP 15.1.0-15.1.10",
                  "product_id": "T034902",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:15.1.0_-_15.1.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BIG-IP"
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.x",
                "product": {
                  "name": "HCL Commerce 8.x",
                  "product_id": "T038745",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:8.x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.0-9.0.1.21",
                "product": {
                  "name": "HCL Commerce 9.0-9.0.1.21",
                  "product_id": "T038746",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:9.0_-_9.0.1.21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.1.0-9.1.15",
                "product": {
                  "name": "HCL Commerce 9.1.0-9.1.15",
                  "product_id": "T038747",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Commerce"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T019704",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "IBM HTTP Server 8.5",
                  "product_id": "T003676",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:http_server:8.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "IBM HTTP Server 9.0",
                  "product_id": "T008162",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:http_server:9.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "HTTP Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.0.0.27",
                "product": {
                  "name": "IBM Rational Build Forge \u003c8.0.0.27",
                  "product_id": "T038286"
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0.27",
                "product": {
                  "name": "IBM Rational Build Forge 8.0.0.27",
                  "product_id": "T038286-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.27"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Build Forge"
          },
          {
            "category": "product_name",
            "name": "IBM Rational ClearCase",
            "product": {
              "name": "IBM Rational ClearCase",
              "product_id": "T004180",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_clearcase:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Rational ClearQuest",
            "product": {
              "name": "IBM Rational ClearQuest",
              "product_id": "5168",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_clearquest:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.3.0.7",
                "product": {
                  "name": "IBM Tivoli Monitoring 6.3.0.7",
                  "product_id": "342008",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Monitoring"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v9",
                "product": {
                  "name": "Xerox FreeFlow Print Server v9",
                  "product_id": "T015632",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38709",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache HTTP Server. Diese ist auf einen Fehler bei der Validierung von Eingaben zur\u00fcckzuf\u00fchren. In Folge ist es m\u00f6glich HTTP Antworten zu splitten. Ein Angreifer kann diese Schwachstelle ausnutzen, um Daten zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038747",
          "67646",
          "T034902",
          "T038746",
          "5168",
          "T034901",
          "T038745",
          "T004914",
          "T038286",
          "T024663",
          "398363",
          "T033904",
          "342008",
          "T034899",
          "T034610",
          "T003676",
          "T015632",
          "T012167",
          "74185",
          "T014381",
          "2951",
          "T002207",
          "T000126",
          "T019704",
          "T038270",
          "T004180",
          "T008162"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-38709"
    },
    {
      "cve": "CVE-2024-24795",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt eine Schwachstelle im Apache HTTP Server. Es ist m\u00f6glich, b\u00f6sartige Response-Header in Backend-Anwendungen zu injizieren. Ein Angreifer kann dies ausnutzen, um einen HTTP-Desynchronisationsangriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038747",
          "67646",
          "T034902",
          "T038746",
          "5168",
          "T034901",
          "T038745",
          "T004914",
          "T038286",
          "T024663",
          "398363",
          "T033904",
          "342008",
          "T034899",
          "T034610",
          "T003676",
          "T015632",
          "T012167",
          "74185",
          "T014381",
          "2951",
          "T002207",
          "T000126",
          "T019704",
          "T038270",
          "T004180",
          "T008162"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-24795"
    }
  ]
}

cve-2023-38709

Vulnerability from cvelistv5

Published

2024-04-04 19:19

Modified

2024-11-05 19:38

Severity ?

Summary

Apache HTTP Server: HTTP response splitting

References

▼	URL	Tags
	https://httpd.apache.org/security/vulnerabilities_24.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240415-0013/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
	http://www.openwall.com/lists/oss-security/2024/04/04/3
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
	https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
	https://support.apple.com/kb/HT214119
	http://seclists.org/fulldisclosure/2024/Jul/18

Impacted products

Vendor

Product

Version

▼

Apache Software Foundation

Apache HTTP Server

Version: 0 ≤ 2.4.58

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "http_server",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "2.4.58",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-38709",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-05T13:57:02.091077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1284",
                "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T19:38:10.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:46:56.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/04/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214119"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.58",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Orange Tsai (@orange_8361) from DEVCORE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache HTTP Server: through 2.4.58.\u003cbr\u003e"
            }
          ],
          "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\n\nThis issue affects Apache HTTP Server: through 2.4.58."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "HTTP response splitting",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-04T19:19:35.467Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/04/3"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
        },
        {
          "url": "https://support.apple.com/kb/HT214119"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-06-26T00:00:00.000Z",
          "value": "reported"
        }
      ],
      "title": "Apache HTTP Server: HTTP response splitting",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-38709",
    "datePublished": "2024-04-04T19:19:35.467Z",
    "dateReserved": "2023-07-24T17:51:18.042Z",
    "dateUpdated": "2024-11-05T19:38:10.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-24795

Vulnerability from cvelistv5

Published

2024-04-04 19:20

Modified

2024-11-12 19:48

Severity ?

Summary

Apache HTTP Server: HTTP Response Splitting in multiple modules

References

▼	URL	Tags
	https://httpd.apache.org/security/vulnerabilities_24.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Apache Software Foundation

Apache HTTP Server

Version: 2.4.0 ≤ 2.4.58

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-24795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T19:38:36.908335Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-444",
                "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T19:48:20.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:28:12.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/04/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214119"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.58",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Keran Mu, Tsinghua University and Zhongguancun Laboratory."
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Jianjun Chen, Tsinghua University and Zhongguancun Laboratory."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.59, which fixes this issue."
            }
          ],
          "value": "HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.\n\nUsers are recommended to upgrade to version 2.4.59, which fixes this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-113",
              "description": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-03T12:16:15.822Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-09-06T11:37:00.000Z",
          "value": "Reported to security team"
        }
      ],
      "title": "Apache HTTP Server: HTTP Response Splitting in multiple modules",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-24795",
    "datePublished": "2024-04-04T19:20:48.803Z",
    "dateReserved": "2024-01-31T13:49:58.441Z",
    "dateUpdated": "2024-11-12T19:48:20.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2024-0801

Vulnerability from csaf_certbund

cve-2023-38709

Vulnerability from cvelistv5

cve-2024-24795

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature