vulnerability
IBM HTTP Server: CVE-2023-38709: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by improper input validation in the core
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:C/A:N) | Sep 5, 2024 | Nov 20, 2025 | Nov 20, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published
Sep 5, 2024
Added
Nov 20, 2025
Modified
Nov 20, 2025
Description
Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by improper input validation in the core. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
Solutions
ibm-http_server-apply-interim-fix-ph60619-for-9_0ibm-http_server-apply-interim-fix-ph60619-for-8_5ibm-http_server-apply-fix-pack-9_0_5_20ibm-http_server-apply-fix-pack-8_5_5_26
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.