CVE-2024-24795

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-24795

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24795.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-24795

Aliases

BIT-apache-2024-24795

Downstream

ALPINE-CVE-2024-24795

BELL-CVE-2024-24795

DEBIAN-CVE-2024-24795

DLA-3818-1

DSA-5662-1

OESA-2024-1553

RHSA-2024:9306

RHSA-2025:3452

SUSE-SU-2024:1627-1

SUSE-SU-2024:1788-1

SUSE-SU-2024:1868-1

SUSE-SU-2024:1963-1

SUSE-SU-2024:3853-1

SUSE-SU-2024:3861-1

UBUNTU-CVE-2024-24795

USN-6729-1

USN-6729-2

USN-6729-3

openSUSE-SU-2024:14463-1

Related

Published

2024-04-04T20:15:08Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.

Users are recommended to upgrade to version 2.4.59, which fixes this issue.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type: GIT
Repo: https://github.com/apache/httpd
Events: Introduced

da5873e80d6eee7a0838793bf68f1d0254745fbb

Fixed

a751ae5cf6890cfd477f253390d09186386ea988