CVE-2024-38477

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://httpd.apache.org/security/vulnerabilities_24.html	Vendor Advisory
https://security.netapp.com/advisory/ntap-20240712-0001/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*

History

21 Aug 2024, 15:11

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:o:netapp:clustered_data_ontap:9.0:::::::* cpe:2.3:a:apache:http_server::::::::
References	~~() https://httpd.apache.org/security/vulnerabilities_24.html -~~	() https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory
References	~~() https://security.netapp.com/advisory/ntap-20240712-0001/ -~~	() https://security.netapp.com/advisory/ntap-20240712-0001/ - Third Party Advisory
First Time		Apache http Server Netapp Apache Netapp clustered Data Ontap

12 Jul 2024, 14:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240712-0001/ -

02 Jul 2024, 12:09

Type	Values Removed	Values Added
Summary		(es) La desreferencia del puntero nulo en mod_proxy en Apache HTTP Server 2.4.59 y versiones anteriores permite a un atacante bloquear el servidor mediante una solicitud maliciosa. Se recomienda a los usuarios actualizar a la versión 2.4.60, que soluciona este problema.

01 Jul 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-01 19:15

Updated : 2024-08-21 15:11

NVD link : CVE-2024-38477

Mitre link : CVE-2024-38477

CVE.ORG link : CVE-2024-38477

JSON object : View

Products Affected

apache

http_server

netapp

clustered_data_ontap

CWE

CWE-476

NULL Pointer Dereference

7.5 /10