Launchpad CVE tracker

CVE 2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Related bugs and status

CVE-2024-24795 (Candidate) is related to these bugs:

Bug #2063187: [Debian] High CVE: CVE-2023-31122/CVE-2023-38709/.../CVE-2024-24795/CVE-2024-27316 apache2 : multiple CVEs

Summary				In	Importance	Status
	2063187	[Debian] High CVE: CVE-2023-31122/CVE-2023-38709/.../CVE-2024-24795/CVE-2024-27316 apache2 : multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://security.netap...
FEDORA: FEDORA-2024-937be154d8
MISC: https://httpd.apache.o...

Launchpad.net

CVE 2024-24795

Related bugs and status

Related bugs

References