CVE-2024-38476
Published: 1 July 2024
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needed
|
|
jammy |
Needed
|
|
mantic |
Needed
|
|
noble |
Needed
|
|
trusty |
Needs triage
|
|
upstream |
Released
(2.4.60-1)
|
|
xenial |
Needs triage
|
|
Patches: upstream: https://svn.apache.org/viewvc?view=revision&revision=1918560 upstream: https://github.com/apache/httpd/commit/554554b0ebb14d6578adb70a389c57a0d5f18a3b |