### [CVE-2024-38477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.59%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen)

### Description

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.Users are recommended to upgrade to version 2.4.60, which fixes this issue.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/GhostTroops/TOP
- https://github.com/NeoOniX/5ATTACK
- https://github.com/Y09a514/Test-Apache-Vulnerability
- https://github.com/dusbot/cpe2cve
- https://github.com/kennyHuang1110/apache-confusion-scanner
- https://github.com/krlabs/apache-vulnerabilities
- https://github.com/mrmtwoj/apache-vulnerability-testing