ГлавнаяУязвимости → CVE-2023-38709
7.3высокая

CVE-2023-38709

→ есть в БДУ: BDU:2024-03101 (на русском)
Описание (на английском; русское — в БДУ выше)

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

Затрагиваемое ПО
Apache Http serverDebian Debian linuxFedoraproject FedoraNetapp OntapNetapp Ontap toolsBroadcom Fabric operating systemApple Macos
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Источники
http://seclists.org/fulldisclosure/2024/Jul/18http://www.openwall.com/lists/oss-security/2024/04/04/3https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://lists.debian.org/debian-lts-announce/2024/05/msg00013.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/https://security.netapp.com/advisory/ntap-20240415-0013/