CVE-2024-38476
CRITICALDescription
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apache | http_server |
| netapp | clustered_data_ontap |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-38476? +
How severe is CVE-2024-38476? +
What products are affected by CVE-2024-38476? +
How do I check if I'm vulnerable to CVE-2024-38476? +
Related Vulnerabilities
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute …
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the …
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, …
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an …
A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those …
A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input …