CVE-2023-38709: Apache HTTP Server: HTTP response splitting

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: April 4, 2024
Last update: November 4, 2025

What the vulnerability does

Description

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server through 2.4.58.

Key dates

Disclosure timeline

April 4, 2024: CVE published
November 4, 2025: Record updated