Severity: moderate
Affected versions: - Apache HTTP Server 2.4.0 through 2.4.63 Description: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue. References: https://httpd.apache.org/security/vulnerabilities_24.html https://httpd.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-42516 Timeline: 2024-07-18: reported 2025-07-07: 2.4.x 1927039 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
