INFSA-2024:5193: httpd:2.4 security update
Information about definition
Identificator: INFSA-2024:5193
Type: security
Release date: 2024-10-10 05:50:32 UTC
Information about package
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Vulnerabilities description
- CVE-2024-38476
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-38476
|
no information | 8.1 | no information |
Updated packages