CVE-2023-38709

EPSS 5.8%
Published 04.04.2024 20:15:08
Last modified 30.06.2025 12:59:08
Source security@apache.org
Teams watchlist Login
Open Login

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version < 2.4.59

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Fedoraproject ≫ Fedora Version40

Netapp ≫ Ontap Version9

Netapp ≫ Ontap Tools Version10 SwPlatformvmware_vsphere

Broadcom ≫ Fabric Operating System Version-

Apple ≫ macOS Version < 14.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.8%	0.901

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://httpd.apache.org/security/vulnerabilities_24.html

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2024/Jul/18

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT214119

Third Party Advisory

http://www.openwall.com/lists/oss-security/2024/04/04/3

Third Party Advisory