Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Tue, 29 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 29 Oct 2024 04:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Sep 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els

Fri, 13 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
References

Thu, 12 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/o:redhat:rhel_aus:7.7

Mon, 09 Sep 2024 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel Tus

Fri, 06 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:8.8

Mon, 26 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:9.2
Vendors & Products Redhat rhel E4s
Redhat rhel Eus

Wed, 21 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache http Server
Netapp
Netapp clustered Data Ontap
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*
Vendors & Products Apache
Apache http Server
Netapp
Netapp clustered Data Ontap
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Tue, 13 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Core Services
CPEs cpe:/a:redhat:jboss_core_services:1
cpe:/a:redhat:jboss_core_services:1::el7
cpe:/a:redhat:jboss_core_services:1::el8
Vendors & Products Redhat jboss Core Services

Mon, 12 Aug 2024 10:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 08 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-07-01T18:15:40.071Z

Updated: 2024-10-29T16:42:18.129Z

Reserved: 2024-06-17T11:10:56.470Z

Link: CVE-2024-38476

cve-icon Vulnrichment

Updated: 2024-09-13T17:04:57.387Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-01T19:15:04.977

Modified: 2024-12-02T17:36:33.403

Link: CVE-2024-38476

cve-icon Redhat

Severity : Important

Publid Date: 2024-07-01T00:00:00Z

Links: CVE-2024-38476 - Bugzilla