CVE-2024-38476

Published: 1 July 2024

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Priority

Status

Package	Release	Status
apache2 Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needed
	jammy	Needed
	mantic	Needed
	noble	Needed
	trusty	Needs triage
	upstream	Released (2.4.60-1)
	xenial	Needs triage
	Patches: upstream: https://svn.apache.org/viewvc?view=revision&revision=1918560 upstream: https://github.com/apache/httpd/commit/554554b0ebb14d6578adb70a389c57a0d5f18a3b

References

https://www.cve.org/CVERecord?id=CVE-2024-38476
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38476
https://httpd.apache.org/security/vulnerabilities_24.html
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.