Malicious Input Validation Flaw Affects Apache HTTP Server

CVE-2023-38709

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 4 April 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

Affected Version(s)

Apache HTTP Server <= 2.4.58

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

apache-vulnerability-testing
Created by mrmtwoj

Timeline

👾
Exploit exists.
Nov 6, 2024
Vulnerability published.
Apr 4, 2024
reported
Jun 26, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

Orange Tsai (@orange_8361) from DEVCORE