Vulnerability Description
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | >= 2.4.0, < 2.4.60 |
| Netapp | Ontap | 9 |
Related Weaknesses (CWE)
References
- https://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory
- https://security.netapp.com/advisory/ntap-20240712-0001/Third Party Advisory
- http://www.openwall.com/lists/oss-security/2024/07/01/6Mailing List
- https://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory
- https://security.netapp.com/advisory/ntap-20240712-0001/Third Party Advisory
FAQ
What is CVE-2024-38473?
CVE-2024-38473 is a vulnerability with a CVSS score of 8.1 (HIGH). Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requ...
How severe is CVE-2024-38473?
CVE-2024-38473 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-38473?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Netapp Ontap.