CVE-2023-38709

HIGH | Platform: macOS | Changelog

CVE Details

Description

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.

CVSS 3.1 Score

Metric	Value
Base Score	7.3 (HIGH)
Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L`

Weakness

CWE-1284

References

Apple Security Advisory
NVD Entry
http://seclists.org/fulldisclosure/2024/Jul/18 (Mailing List, Third Party Advisory)
http://www.openwall.com/lists/oss-security/2024/04/04/3 (Mailing List, Third Party Advisory)
https://httpd.apache.org/security/vulnerabilities_24.html (Vendor Advisory)
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html (Mailing List, Third Party Advisory)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/ (Mailing List, Third Party Advisory)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/ (Mailing List, Third Party Advisory)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/ (Mailing List, Third Party Advisory)
https://security.netapp.com/advisory/ntap-20240415-0013/ (Third Party Advisory)