Search for vulnerabilities
Vulnerability details: VCID-4zvx-bqfg-jfhr
Vulnerability ID VCID-4zvx-bqfg-jfhr
Aliases CVE-2024-24795
Summary HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Status Published
Exploitability 0.5
Weighted Severity 4.4
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
System Score Found at
cvssv3 4.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01219 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01219 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01219 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01219 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01219 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01219 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01219 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01219 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01219 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01253 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01253 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01253 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01914 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01914 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01914 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01914 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01914 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01967 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01967 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01967 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
epss 0.01967 https://api.first.org/data/v1/epss?cve=CVE-2024-24795
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.3 https://httpd.apache.org/security/vulnerabilities_24.html
ssvc Track https://httpd.apache.org/security/vulnerabilities_24.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json
https://api.first.org/data/v1/epss?cve=CVE-2024-24795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html
http://www.openwall.com/lists/oss-security/2024/04/04/5
1068412 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
2273499 https://bugzilla.redhat.com/show_bug.cgi?id=2273499
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-24795 https://httpd.apache.org/security/json/CVE-2024-24795.json
CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795
RHSA-2024:9306 https://access.redhat.com/errata/RHSA-2024:9306
RHSA-2025:3452 https://access.redhat.com/errata/RHSA-2025:3452
RHSA-2025:3453 https://access.redhat.com/errata/RHSA-2025:3453
USN-6729-1 https://usn.ubuntu.com/6729-1/
USN-6729-2 https://usn.ubuntu.com/6729-2/
USN-6729-3 https://usn.ubuntu.com/6729-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://httpd.apache.org/security/vulnerabilities_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T19:38:36Z/ Found at https://httpd.apache.org/security/vulnerabilities_24.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.72376
EPSS Score 0.00754
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:28:47.882216+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.18/main.json 37.0.0