CVE-2024-24795

CVE-2024-24795: Apache HTTP Server: HTTP Response Splitting in multiple modules

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-113 · HTTP response splitting

Published April 4, 2024

Last update November 12, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Key dates

Disclosure timeline

April 4, 2024 CVE published

November 12, 2024 Record updated