VDB
DEBIAN-CVE-2024-24795
DEBIAN-CVE-2024-24795
PUBLISHED
CVSS 6.300000190734863 MEDIUM
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Risk Scores
CVSS 3.1
6.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | apache2 | 2.4.52-1, 2.4.52-1, 2.4.51-1 |
| Debian:12 | uwsgi | 2.0.24-3, 0, 2.0.21-5.1 |
| Debian:12 | apache2 | 0, 2.4.57-2, 2.4.57-3 |
| Debian:14 | apache2 | 0, 0 |
| Debian:13 | uwsgi | 0, 2.0.29-1, 2.0.28-9 |
| Debian:11 | uwsgi | 2.0.22-2, 2.0.22-1, 2.0.21-6 |
| Debian:13 | apache2 | 0, 0 |
| Debian:14 | uwsgi | 2.0.28-9, 2.0.31-1, 2.0.31-2 |
Exploit Intelligence
- report.html (github-poc)
- cve_db.json (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
Timeline
- Apr 4, 2024 CVE Published
- Apr 28, 2026 CVE Updated