CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
Configurations

No configuration.

History

05 Nov 2024, 20:35

Type Values Removed Values Added
CWE CWE-1284
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.3

30 Jul 2024, 02:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/18 -

29 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214119 -
Summary (en) Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (en) Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html -

04 May 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/ -

03 May 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/ -

01 May 2024, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/04/04/3 -

19 Apr 2024, 23:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/ -
  • () https://security.netapp.com/advisory/ntap-20240415-0013/ -

05 Apr 2024, 12:40

Type Values Removed Values Added
Summary
  • (es) La validación de entrada defectuosa en el núcleo de Apache permite que generadores de contenido/backend maliciosos o explotables dividan las respuestas HTTP. Este problema afecta al servidor HTTP Apache: hasta 2.4.58.

04 Apr 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-04 20:15

Updated : 2024-11-05 20:35


NVD link : CVE-2023-38709

Mitre link : CVE-2023-38709

CVE.ORG link : CVE-2023-38709


JSON object : View

Products Affected

No product.

CWE
CWE-1284

Improper Validation of Specified Quantity in Input