CVE-2024-38473

EPSS 87.11%
Published 01.07.2024 19:15:04
Last modified 01.07.2025 20:25:09
Source security@apache.org
Teams watchlist Login
Open Login

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version >= 2.4.0 < 2.4.60

Netapp ≫ Ontap Version9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	87.11%	0.994

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-116 Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

https://httpd.apache.org/security/vulnerabilities_24.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240712-0001/

Third Party Advisory

http://www.openwall.com/lists/oss-security/2024/07/01/6

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-38473

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38473

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38473

EUVD