VDB
DEBIAN-CVE-2023-38709
DEBIAN-CVE-2023-38709
PUBLISHED
CVSS 7.300000190734863 HIGH
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
Risk Scores
CVSS 3.1
7.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | apache2 | 2.4.59-1~deb10u1, 2.4.57-3, 2.4.59-1~deb11u1 |
| Debian:11 | apache2 | 2.4.57-3, 2.4.56-2, 2.4.54-4 |
| Debian:14 | apache2 | 0, 0, 0 |
| Debian:13 | apache2 | 0, 0, 0 |
Exploit Intelligence
- Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 (github-poc-repo)
- Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709 (github-poc)
- report.html (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
Timeline
- Apr 4, 2024 CVE Published
- Apr 28, 2026 CVE Updated