Home > Vulnerability Database > CVE-2023-38709

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-38709

Date: April 4, 2024

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

Language: C

Severity Score

7.3

Related Resources (14)

Url: http://seclists.org/fulldisclosure/2024/Jul/18

Url: https://httpd.apache.org/security/vulnerabilities_24.html

Url: http://www.openwall.com/lists/oss-security/2024/04/04/3

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/

Url: https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38709

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/

Url: https://support.apple.com/kb/HT214119

Url: https://security.alpinelinux.org/vuln/CVE-2023-38709

Url: https://security-tracker.debian.org/tracker/CVE-2023-38709

Url: https://security.netapp.com/advisory/ntap-20240415-0013/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/

Url: https://github.com/apache/httpd/commit/ac20389f3c816d990aba21720f1492b69ac5cb44

Url: https://www.mend.io/vulnerability-database/CVE-2023-38709

Severity Score

7.3

Weakness Type (CWE)

Improper Validation of Specified Quantity in Input

CWE-1284

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Do you need more information?

Contact Us