FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-24795

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') (CWE-113)

Published: Apr 4, 2024 / Updated: 7mo ago

010
CVSS 6.3EPSS 0.04%Medium
CVE info copied to clipboard

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (192923)

Apr 4, 2024 at 12:15 PM
CVE Assignment

NVD published the first details for CVE-2024-24795

Apr 4, 2024 at 1:15 PM
First Article

Feedly found the first article mentioning CVE-2024-24795. See article

Apr 4, 2024 at 3:06 PM / Penetration Testing
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Apr 4, 2024 at 4:26 PM
Vendor Advisory

RedHat CVE advisory released a security advisory (CVE-2024-24795).

Apr 4, 2024 at 7:35 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (510794)

Apr 4, 2024 at 10:15 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 7.7%)

Apr 5, 2024 at 3:50 PM
CVSS

A CVSS base score of 6.8 has been assigned.

Apr 5, 2024 at 5:55 PM / redhat-cve-advisories
Threat Intelligence Report

The vulnerability CVE-2024-24795 in Apache HTTP Server allows for HTTP Response Splitting in multiple modules, posing a critical risk to web servers. This vulnerability has a CVSS score of [insert score if available], and if exploited in the wild, it could lead to unauthorized access or data manipulation. Mitigations, detections, and patches may be available, but downstream impacts to third-party vendors or technologies should be assessed. See article

Jul 2, 2024 at 8:29 AM
Static CVE Timeline Graph

Affected Systems

Apache/http_server
+null more

Patches

bugzilla.redhat.com
+null more

Attack Patterns

CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
+null more

Vendor Advisory

About the security content of macOS Sonoma 14.6 - Apple Support
Apple Security updates / 35d
Description: An out-of-bounds read issue was addressed with improved input validation. Description: An out-of-bounds write issue was addressed with improved input validation.

References

Siemens SINEC NMS
Cybersecurity and Infrastructure Security Agency CISA / 5d
Vulnerabilities : Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Out-of-bounds Write, Uncontrolled Resource Consumption, HTTP Request/Response Splitting, Missing Encryption of Sensitive Data, Out-of-bounds Read, Improper Certificate Validation, Missing Release of Resource after Effective Lifetime, Improper Validation of Certificate with Host Mismatch, Allocation of Resources Without Limits or Throttling, Incorrect Permission Assignment for Critical Resource Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions.

News

oracle_linux ELSA-2024-9306: ELSA-2024-9306: httpd security update (MODERATE)
Recently Released Plugin Pipeline from Tenable / 18h
Released Last Updated: 11/19/2024 CVEs: CVE-2023-38709 , CVE-2024-24795 Plugins: 211533
Oracle Linux 9 : httpd (ELSA-2024-9306)
Newest Nessus Plugins from Tenable / 18h
Nessus Plugin ID 211533 with High Severity Synopsis The remote Oracle Linux host is missing one or more security updates. Description The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9306 advisory. - Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix - Resolves: RHEL-31856 - httpd: HTTP response splitting (CVE-2023-38709) - Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795) - Resolves: RHEL-14447 - httpd: mod_macro:
KRB5, Python, Libvirt, and more updates for AlmaLinux
Linux Compatible / 23h
The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the virtualized systems. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-9452.html
Siemens SINEC NMS
Cybersecurity and Infrastructure Security Agency CISA / 5d
Vulnerabilities : Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Out-of-bounds Write, Uncontrolled Resource Consumption, HTTP Request/Response Splitting, Missing Encryption of Sensitive Data, Out-of-bounds Read, Improper Certificate Validation, Missing Release of Resource after Effective Lifetime, Improper Validation of Certificate with Host Mismatch, Allocation of Resources Without Limits or Throttling, Incorrect Permission Assignment for Critical Resource Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions.
RHEL 9 : httpd (RHSA-2024:9306)
Newest Nessus Plugins from Tenable / 7d
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section. The remote Red Hat host is missing one or more security updates for httpd.
See 195 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:Required
Scope:Unchanged
Confidentiality:Low
Integrity:Low
Availability Impact:Low

Categories

CVSS 6.3(29816)CWE-113(53)CWE-444(234)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial