Apache HTTP Server Vulnerable to Information Disclosure and Local Script Execution
CVE-2024-38476
9.8 CRITICAL
Summary
A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier allows information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Affected Version(s)
Apache HTTP Server <= 2.4.59
EPSS Score
1% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
reported
Collectors
NVD Database, Mitre Database
Credit
Orange Tsai (@orange_8361) from DEVCORE