vulnerability
Amazon Linux 2023: CVE-2024-24795: Medium priority package update for httpd
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Apr 4, 2024 | Feb 17, 2025 | Jul 4, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Apr 4, 2024
Added
Feb 17, 2025
Modified
Jul 4, 2025
Description
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
Users are recommended to upgrade to version 2.4.59, which fixes this issue.
A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
Users are recommended to upgrade to version 2.4.59, which fixes this issue.
A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
Solution(s)
amazon-linux-2023-upgrade-httpdamazon-linux-2023-upgrade-httpd-coreamazon-linux-2023-upgrade-httpd-core-debuginfoamazon-linux-2023-upgrade-httpd-debuginfoamazon-linux-2023-upgrade-httpd-debugsourceamazon-linux-2023-upgrade-httpd-develamazon-linux-2023-upgrade-httpd-filesystemamazon-linux-2023-upgrade-httpd-manualamazon-linux-2023-upgrade-httpd-toolsamazon-linux-2023-upgrade-httpd-tools-debuginfoamazon-linux-2023-upgrade-mod-ldapamazon-linux-2023-upgrade-mod-ldap-debuginfoamazon-linux-2023-upgrade-mod-luaamazon-linux-2023-upgrade-mod-lua-debuginfoamazon-linux-2023-upgrade-mod-proxy-htmlamazon-linux-2023-upgrade-mod-proxy-html-debuginfoamazon-linux-2023-upgrade-mod-sessionamazon-linux-2023-upgrade-mod-session-debuginfoamazon-linux-2023-upgrade-mod-sslamazon-linux-2023-upgrade-mod-ssl-debuginfo

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.