vulnerability
Oracle Linux: CVE-2024-24795: ELSA-2024-9306: httpd security update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Apr 4, 2024 | Nov 21, 2024 | Dec 3, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Apr 4, 2024
Added
Nov 21, 2024
Modified
Dec 3, 2025
Description
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
Users are recommended to upgrade to version 2.4.59, which fixes this issue.
A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
Users are recommended to upgrade to version 2.4.59, which fixes this issue.
A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
Solutions
oracle-linux-upgrade-httpdoracle-linux-upgrade-httpd-coreoracle-linux-upgrade-httpd-develoracle-linux-upgrade-httpd-filesystemoracle-linux-upgrade-httpd-manualoracle-linux-upgrade-httpd-toolsoracle-linux-upgrade-mod-ldaporacle-linux-upgrade-mod-luaoracle-linux-upgrade-mod-proxy-htmloracle-linux-upgrade-mod-sessionoracle-linux-upgrade-mod-ssl
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.