Apache HTTP Server Fixes HTTP Desynchronization Vulnerability
CVE-2024-24795

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 4 April 2024

Summary

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.

Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Affected Version(s)

Apache HTTP Server 2.4.0 <= 2.4.58

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

Timeline

Vulnerability published
Apr 4, 2024

Collectors

NVD DatabaseMitre Database

Credit

Keran Mu, Tsinghua University and Zhongguancun Laboratory.

Jianjun Chen, Tsinghua University and Zhongguancun Laboratory.