Vulnerability CVE-2023-38709: Information

Description

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-38709
Published: April 4, 2024
Modified: May 4, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.59-alt12.4.59-alt1ALT-PU-2024-5986-1344449Fixed
apache2sisyphus_e2k2.4.59-alt12.4.59-alt1ALT-PU-2024-6182-1-Fixed
apache2sisyphus_riscv642.4.59-alt12.4.59-alt1ALT-PU-2024-6054-1-Fixed
apache2sisyphus_loongarch642.4.59-alt12.4.59-alt1ALT-PU-2024-6065-1-Fixed
apache2p102.4.59-alt12.4.59-alt1ALT-PU-2024-5990-3344447Fixed
apache2p10_e2k2.4.59-alt12.4.59-alt1ALT-PU-2024-6265-1-Fixed
apache2c10f12.4.59-alt12.4.59-alt1ALT-PU-2024-6194-2344709Fixed
apache2c9f22.4.59-alt12.4.59-alt1ALT-PU-2024-6193-2344710Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
    https://security.netapp.com/advisory/ntap-20240415-0013/
      https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
        http://www.openwall.com/lists/oss-security/2024/04/04/3
          https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
            https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
              Version: v24.5.1
              Back to top