CVE-2024-38477

Published: 1 July 2024

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Priority

Status

Package	Release	Status
apache2 Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needed
	jammy	Needed
	mantic	Needed
	noble	Needed
	trusty	Needs triage
	upstream	Released (2.4.60-1)
	xenial	Needs triage
	Patches: upstream: https://svn.apache.org/viewvc?view=revision&revision=1918607 upstream: https://github.com/apache/httpd/commit/1d98d4db186e708f059336fb9342d0adb6925e85

References

https://www.cve.org/CVERecord?id=CVE-2024-38477
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477
https://httpd.apache.org/security/vulnerabilities_24.html
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.