CVE-2024-38473

CVE-2024-38473: Apache HTTP Server proxy encoding problem

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Weakness: CWE-116
Published: July 1, 2024
Last update: February 13, 2025

What the vulnerability does

Description

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Key dates

Disclosure timeline

July 1, 2024: CVE published
February 13, 2025: Record updated