Unrated severityNVD Advisory· Published Jul 1, 2024· Updated Feb 13, 2025

Apache HTTP Server proxy encoding problem

CVE-2024-38473

Description

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Affected products

osv-coords53 versions
pkg:bitnami/apache pkg:rpm/almalinux/httpd pkg:rpm/almalinux/httpd-core pkg:rpm/almalinux/httpd-devel pkg:rpm/almalinux/httpd-filesystem pkg:rpm/almalinux/httpd-manual pkg:rpm/almalinux/httpd-tools pkg:rpm/almalinux/mod_http2 pkg:rpm/almalinux/mod_ldap pkg:rpm/almalinux/mod_lua pkg:rpm/almalinux/mod_md pkg:rpm/almalinux/mod_proxy_html pkg:rpm/almalinux/mod_session pkg:rpm/almalinux/mod_ssl pkg:rpm/opensuse/apache2-devel&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/apache2&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/apache2&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/apache2&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/apache2-event&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/apache2-manual&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/apache2-prefork&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/apache2-utils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/apache2-worker&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/apache2-devel&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 pkg:rpm/suse/apache2&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/apache2&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/apache2&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/apache2-event&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 pkg:rpm/suse/apache2-prefork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/apache2-tls13&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/apache2-tls13&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/apache2-tls13&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/apache2-utils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 pkg:rpm/suse/apache2-worker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6
>= 2.4.0, < 2.4.60+ 52 more
- (no CPE)range: >= 2.4.0, < 2.4.60
- (no CPE)range: < 2.4.37-65.module_el8.10.0+3872+9b8ab21e.1
- (no CPE)range: < 2.4.57-11.el9_4
- (no CPE)range: < 2.4.37-65.module_el8.10.0+3872+9b8ab21e.1
- (no CPE)range: < 2.4.37-65.module_el8.10.0+3872+9b8ab21e.1
- (no CPE)range: < 2.4.37-65.module_el8.10.0+3872+9b8ab21e.1
- (no CPE)range: < 2.4.37-65.module_el8.10.0+3872+9b8ab21e.1
- (no CPE)range: < 1.15.7-10.module_el8.10.0+3832+564e7653
- (no CPE)range: < 2.4.37-65.module_el8.10.0+3872+9b8ab21e.1
- (no CPE)range: < 2.4.57-11.el9_4
- (no CPE)range: < 1:2.0.8-8.module_el8.6.0+2872+fe0ff7aa
- (no CPE)range: < 1:2.4.37-65.module_el8.10.0+3872+9b8ab21e.1
- (no CPE)range: < 2.4.37-65.module_el8.10.0+3872+9b8ab21e.1
- (no CPE)range: < 1:2.4.37-65.module_el8.10.0+3872+9b8ab21e.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.61-1.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.51-150200.3.73.1
- (no CPE)range: < 2.4.51-150200.3.73.1
- (no CPE)range: < 2.4.51-150200.3.73.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.51-35.57.1
- (no CPE)range: < 2.4.51-150200.3.73.1
- (no CPE)range: < 2.4.51-150200.3.73.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.51-35.57.1
- (no CPE)range: < 2.4.51-150200.3.73.1
- (no CPE)range: < 2.4.51-150200.3.73.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.51-35.57.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.51-150400.6.34.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.51-35.57.2
- (no CPE)range: < 2.4.51-35.57.2
- (no CPE)range: < 2.4.51-35.57.2
- (no CPE)range: < 2.4.58-150600.5.23.1
- (no CPE)range: < 2.4.58-150600.5.23.1
Apache Software Foundation/Apache HTTP Serverv5
Range: 2.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

httpd.apache.org/security/vulnerabilities_24.htmlmitrevendor-advisory
security.netapp.com/advisory/ntap-20240712-0001/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.071
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000