vulnerability

Amazon Linux 2023: CVE-2024-42516: Important priority package update for httpd

Try Surface Command
Back to search
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published
Jul 14, 2025
Added
Aug 5, 2025
Modified
Aug 5, 2025

Description

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response.
This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue.
Users are recommended to upgrade to version 2.4.64, which fixes this issue.
A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers. These issues lead to HTTP response splitting. This CVE provides a "complete" fix for CVE-2023-38709.

Solutions

amazon-linux-2023-upgrade-httpdamazon-linux-2023-upgrade-httpd-coreamazon-linux-2023-upgrade-httpd-core-debuginfoamazon-linux-2023-upgrade-httpd-debuginfoamazon-linux-2023-upgrade-httpd-debugsourceamazon-linux-2023-upgrade-httpd-develamazon-linux-2023-upgrade-httpd-filesystemamazon-linux-2023-upgrade-httpd-manualamazon-linux-2023-upgrade-httpd-toolsamazon-linux-2023-upgrade-httpd-tools-debuginfoamazon-linux-2023-upgrade-mod-ldapamazon-linux-2023-upgrade-mod-ldap-debuginfoamazon-linux-2023-upgrade-mod-luaamazon-linux-2023-upgrade-mod-lua-debuginfoamazon-linux-2023-upgrade-mod-proxy-htmlamazon-linux-2023-upgrade-mod-proxy-html-debuginfoamazon-linux-2023-upgrade-mod-sessionamazon-linux-2023-upgrade-mod-session-debuginfoamazon-linux-2023-upgrade-mod-sslamazon-linux-2023-upgrade-mod-ssl-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today