Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-38473

Published: 1 July 2024

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Priority

Medium

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal Needed

jammy Needed

mantic Needed

noble Needed

trusty Needs triage

upstream
Released (2.4.60-1)
xenial Needs triage

Patches:
upstream: https://svn.apache.org/viewvc?view=revision&revision=1918559
upstream: https://svn.apache.org/viewvc?view=revision&revision=1918666
upstream: https://svn.apache.org/viewvc?view=revision&revision=1918600
upstream: https://svn.apache.org/viewvc?view=revision&revision=1918625
upstream: https://svn.apache.org/viewvc?view=revision&revision=1918668
upstream: https://github.com/apache/httpd/commit/b10cb2d69184843832d501a615abe3e8e5e256dc
upstream: https://github.com/apache/httpd/commit/6b8e043ce4f27114e6ae1b8176b629b7cb3fbbce
upstream: https://github.com/apache/httpd/commit/93aec0e3ca451bcc97f6d91c14d5399d13a73365
upstream: https://github.com/apache/httpd/commit/cc00cf6b4e37370897daddc307bf1deecf8fedfa
upstream: https://github.com/apache/httpd/commit/4326d6b9041a3bcb9b529f9163d0761c2d760700

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading