cvelist/2024/38xxx/CVE-2024-38476.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-38476",
        "ASSIGNER": "security@apache.org",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via\u00a0backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                        "cweId": "CWE-829"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Apache Software Foundation",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Apache HTTP Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "2.4.0",
                                            "version_value": "2.4.59"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
                "refsource": "MISC",
                "name": "https://httpd.apache.org/security/vulnerabilities_24.html"
            },
            {
                "url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
                "refsource": "MISC",
                "name": "https://security.netapp.com/advisory/ntap-20240712-0001/"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "credits": [
        {
            "lang": "en",
            "value": "Orange Tsai (@orange_8361) from DEVCORE"
        }
    ]
}
"-Synchronized-Data." 2024-06-17 12:00:31 +00:00			`{`
"-Synchronized-Data." 2024-07-01 19:00:36 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-06-17 12:00:31 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-38476",`
"-Synchronized-Data." 2024-07-01 19:00:36 +00:00			`"ASSIGNER": "security@apache.org",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-06-17 12:00:31 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-07-01 19:00:36 +00:00			`"value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via\u00a0backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",`
			`"cweId": "CWE-829"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Apache Software Foundation",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Apache HTTP Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "2.4.0",`
			`"version_value": "2.4.59"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://httpd.apache.org/security/vulnerabilities_24.html",`
			`"refsource": "MISC",`
			`"name": "https://httpd.apache.org/security/vulnerabilities_24.html"`
"-Synchronized-Data." 2024-07-12 15:00:35 +00:00			`},`
			`{`
			`"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",`
			`"refsource": "MISC",`
			`"name": "https://security.netapp.com/advisory/ntap-20240712-0001/"`
"-Synchronized-Data." 2024-06-17 12:00:31 +00:00			`}`
			`]`
"-Synchronized-Data." 2024-07-01 19:00:36 +00:00			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
			`},`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Orange Tsai (@orange_8361) from DEVCORE"`
			`}`
			`]`
"-Synchronized-Data." 2024-06-17 12:00:31 +00:00			`}`