Apache HTTP Server Fixes HTTP Desynchronization Vulnerability
CVE-2024-24795

Currently unrated

Key Information:

Vendor

Apache
Status
Apache Http Server
Vendor
CVE Published:
4 April 2024

What is CVE-2024-24795?

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.

Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache HTTP Server 2.4.0 <= 2.4.58

References

https://httpd.apache.org/security/vulnerabilities_24.html
vendor-advisory

Timeline

  • Vulnerability published

Credit

Keran Mu, Tsinghua University and Zhongguancun Laboratory.
Jianjun Chen, Tsinghua University and Zhongguancun Laboratory.
JSON
.