Vulnerability Description
The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | >= 2.4.0, < 2.4.60 |
| Netapp | Clustered Data Ontap | 9.0 |
Related Weaknesses (CWE)
References
- https://httpd.apache.org/security/vulnerabilities_24.html (Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20240712-0001/ (Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/Oct/11
- http://www.openwall.com/lists/oss-security/2024/07/01/9 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2024-38476?
CVE-2024-38476 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or...
How severe is CVE-2024-38476?
CVE-2024-38476 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-38476?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Netapp Clustered Data Ontap.