CVE-2024-38477

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38477
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://httpd.apache.org/security/vulnerabilities_24.html Vendor Advisory
https://security.netapp.com/advisory/ntap-20240712-0001/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*
History

21 Aug 2024, 15:11

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
References () https://httpd.apache.org/security/vulnerabilities_24.html - () https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20240712-0001/ - () https://security.netapp.com/advisory/ntap-20240712-0001/ - Third Party Advisory
First Time Apache http Server
Netapp
Apache
Netapp clustered Data Ontap

12 Jul 2024, 14:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240712-0001/ -

02 Jul 2024, 12:09

Type Values Removed Values Added
Summary
  • (es) La desreferencia del puntero nulo en mod_proxy en Apache HTTP Server 2.4.59 y versiones anteriores permite a un atacante bloquear el servidor mediante una solicitud maliciosa. Se recomienda a los usuarios actualizar a la versión 2.4.60, que soluciona este problema.

01 Jul 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-01 19:15

Updated : 2024-08-21 15:11

NVD link : CVE-2024-38477

Mitre link : CVE-2024-38477

CVE.ORG link : CVE-2024-38477

JSON object : View

Products Affected

apache

  • http_server

netapp

  • clustered_data_ontap
CWE
CWE-476

NULL Pointer Dereference