Vulnerability CVE-2024-24795: Information

Description

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-24795
Published: April 4, 2024
Modified: May 4, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.59-alt12.4.59-alt1ALT-PU-2024-5986-1344449Fixed
apache2sisyphus_e2k2.4.59-alt12.4.59-alt1ALT-PU-2024-6182-1-Fixed
apache2sisyphus_riscv642.4.59-alt12.4.59-alt1ALT-PU-2024-6054-1-Fixed
apache2sisyphus_loongarch642.4.59-alt12.4.59-alt1ALT-PU-2024-6065-1-Fixed
apache2p102.4.59-alt12.4.59-alt1ALT-PU-2024-5990-3344447Fixed
apache2p10_e2k2.4.59-alt12.4.59-alt1ALT-PU-2024-6265-1-Fixed
apache2c10f12.4.59-alt12.4.59-alt1ALT-PU-2024-6194-2344709Fixed
apache2c9f22.4.59-alt12.4.59-alt1ALT-PU-2024-6193-2344710Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://httpd.apache.org/security/vulnerabilities_24.html
    https://security.netapp.com/advisory/ntap-20240415-0013/
      https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
        http://www.openwall.com/lists/oss-security/2024/04/04/5
          https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
            https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
              Version: v24.5.1
              Back to top