CVE-2024-38477

CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-476

Published July 1, 2024

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Key dates

Disclosure timeline

July 1, 2024 CVE published

November 3, 2025 Record updated