CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

30 Jun 2025, 12:55

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
First Time Broadcom
Netapp ontap Tools
Netapp ontap
Debian
Apple
Fedoraproject fedora
Apache http Server
Broadcom fabric Operating System
Apple macos
Debian debian Linux
Fedoraproject
Netapp
Apache
References () https://httpd.apache.org/security/vulnerabilities_24.html - () https://httpd.apache.org/security/vulnerabilities_24.html - Release Notes, Vendor Advisory
References () http://seclists.org/fulldisclosure/2024/Jul/18 - () http://seclists.org/fulldisclosure/2024/Jul/18 - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/04/04/5 - () http://www.openwall.com/lists/oss-security/2024/04/04/5 - Mailing List
References () https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html - () https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html - Mailing List, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html - () https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/ - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/ - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/ - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240415-0013/ - () https://security.netapp.com/advisory/ntap-20240415-0013/ - Third Party Advisory
References () https://support.apple.com/kb/HT214119 - () https://support.apple.com/kb/HT214119 - Third Party Advisory

21 Nov 2024, 08:59

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/18 -
  • () http://www.openwall.com/lists/oss-security/2024/04/04/5 -
  • () https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html -
  • () https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/ -
  • () https://security.netapp.com/advisory/ntap-20240415-0013/ -
  • () https://support.apple.com/kb/HT214119 -
References () https://httpd.apache.org/security/vulnerabilities_24.html - () https://httpd.apache.org/security/vulnerabilities_24.html -

12 Nov 2024, 20:35

Type Values Removed Values Added
CWE CWE-444
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.3

03 Oct 2024, 13:15

Type Values Removed Values Added
References
  • {'url': 'http://seclists.org/fulldisclosure/2024/Jul/18', 'source': 'security@apache.org'}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/04/04/5', 'source': 'security@apache.org'}
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html', 'source': 'security@apache.org'}
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html', 'source': 'security@apache.org'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/', 'source': 'security@apache.org'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/', 'source': 'security@apache.org'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/', 'source': 'security@apache.org'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20240415-0013/', 'source': 'security@apache.org'}
  • {'url': 'https://support.apple.com/kb/HT214119', 'source': 'security@apache.org'}
CWE CWE-113

30 Jul 2024, 02:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/18 -

29 Jul 2024, 22:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214119 -

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html -

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html -

04 May 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/ -

03 May 2024, 03:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/ -

01 May 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/04/04/5 -

19 Apr 2024, 23:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/ -
  • () https://security.netapp.com/advisory/ntap-20240415-0013/ -

05 Apr 2024, 12:40

Type Values Removed Values Added
Summary
  • (es) La división de la respuesta HTTP en varios módulos en el servidor HTTP Apache permite que un atacante pueda inyectar encabezados de respuesta maliciosos en aplicaciones backend para provocar un ataque de desincronización HTTP. Se recomienda a los usuarios actualizar a la versión 2.4.59, que soluciona este problema.

04 Apr 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-04 20:15

Updated : 2025-06-30 12:55


NVD link : CVE-2024-24795

Mitre link : CVE-2024-24795

CVE.ORG link : CVE-2024-24795


JSON object : View

Products Affected

apple

  • macos

netapp

  • ontap
  • ontap_tools

apache

  • http_server

debian

  • debian_linux

broadcom

  • fabric_operating_system

fedoraproject

  • fedora
CWE
CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')