CVE-2023-38709

Name
CVE-2023-38709
Description
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vendor-advisory https://httpd.apache.org/security/vulnerabilities_24.html
security@apache.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
security@apache.org https://security.netapp.com/advisory/ntap-20240415-0013/
security@apache.org http://www.openwall.com/lists/oss-security/2024/04/04/3
security@apache.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
security@apache.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/

Match rules

CPE URI Source package Min version Max version
apache-http-server >= 0 <= 2.4.58

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
apache2 3.16-main 2.4.59-r0 Kaarle Ritvanen <kunkku@alpinelinux.org> fixed