Search for vulnerabilities
Vulnerability details: VCID-2ry3-3w5k-aaan
Vulnerability ID VCID-2ry3-3w5k-aaan
Aliases CVE-2024-24795
Summary HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
System Score Found at
cvssv3 4.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00204 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00586 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00586 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00586 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.0093 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01259 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01259 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01259 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01259 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01259 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01259 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01368 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01368 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01368 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.04912 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.3 https://httpd.apache.org/security/vulnerabilities_24.html
cvssv3.1 7.5 https://httpd.apache.org/security/vulnerabilities_24.html
generic_textual HIGH https://httpd.apache.org/security/vulnerabilities_24.html
ssvc Track https://httpd.apache.org/security/vulnerabilities_24.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json
https://api.first.org/data/v1/epss?cve=CVE-2024-24795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
http://seclists.org/fulldisclosure/2024/Jul/18
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
https://security.netapp.com/advisory/ntap-20240415-0013/
https://support.apple.com/kb/HT214119
http://www.openwall.com/lists/oss-security/2024/04/04/5
1068412 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
2273499 https://bugzilla.redhat.com/show_bug.cgi?id=2273499
CVE-2024-24795 https://httpd.apache.org/security/json/CVE-2024-24795.json
CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795
GLSA-202409-31 https://security.gentoo.org/glsa/202409-31
RHSA-2024:9306 https://access.redhat.com/errata/RHSA-2024:9306
USN-6729-1 https://usn.ubuntu.com/6729-1/
USN-6729-2 https://usn.ubuntu.com/6729-2/
USN-6729-3 https://usn.ubuntu.com/6729-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://httpd.apache.org/security/vulnerabilities_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://httpd.apache.org/security/vulnerabilities_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T19:38:36Z/ Found at https://httpd.apache.org/security/vulnerabilities_24.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.09902
EPSS Score 0.00043
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:42.338423+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-24795 34.0.0rc4