BIT-apache-2024-38476

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2024-38476.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-apache-2024-38476

Aliases

CVE-2024-38476

Published

2024-07-03T07:16:44.458Z

Modified

2024-08-22T19:58:07.809Z

Summary

[none]

Details

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.Users are recommended to upgrade to version 2.4.60, which fixes this issue.

References

https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20240712-0001/

Affected packages

Bitnami / apache

Package

Name: apache
Purl: pkg:bitnami/apache

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.4.0

Fixed

2.4.60