CVE-2024-24795 — MEDIUM (6.3)

Q: How severe is CVE-2024-24795?

CVE-2024-24795 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-24795?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Debian Debian Linux, Fedoraproject Fedora, Netapp Ontap, Netapp Ontap Tools.

Vulnerability Description

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.4.0, < 2.4.59
Debian	Debian Linux	10.0
Fedoraproject	Fedora	38
Netapp	Ontap	9
Netapp	Ontap Tools	10
Broadcom	Fabric Operating System	-
Apple	Macos	< 14.6

Related Weaknesses (CWE)

CWE-444 CWE-113

References

https://httpd.apache.org/security/vulnerabilities_24.htmlRelease NotesVendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/18Mailing List
http://www.openwall.com/lists/oss-security/2024/04/04/5Mailing List
https://httpd.apache.org/security/vulnerabilities_24.htmlRelease NotesVendor Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2024/05/msg00014.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]Third Party Advisory
https://security.netapp.com/advisory/ntap-20240415-0013/Third Party Advisory
https://support.apple.com/kb/HT214119Third Party Advisory

FAQ

What is CVE-2024-24795?

CVE-2024-24795 is a vulnerability with a CVSS score of 6.3 (MEDIUM). HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Us...

How severe is CVE-2024-24795?

CVE-2024-24795 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-24795?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Debian Debian Linux, Fedoraproject Fedora, Netapp Ontap, Netapp Ontap Tools.