Reconnecting to live updates…

CVE-2024-38476: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in Apache Software Foundation Apache HTTP Server

Critical

VulnerabilityCVE-2024-38476cve cve-2024-38476 cwe-829

Published: Mon Jul 01 2024 (07/01/2024, 18:15:40 UTC)

Source: CVE Database V5

Vendor/Project: Apache Software Foundation

Product: Apache HTTP Server

Description

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Technical Details

Data Version: 5.2
Assigner Short Name: apache
Date Reserved: 2024-06-17T11:10:56.470Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 690929a9fe7723195e0fd633

Added to database: 11/3/2025, 10:16:09 PM

Last updated: 11/3/2025, 10:19:50 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2024-4032: Vulnerability in Python Software Foundation CPython

High

VulnerabilityMon Nov 03 2025

CVE-2024-40867: A remote attacker may be able to break out of Web Content sandbox in Apple iOS and iPadOS

High

VulnerabilityMon Nov 03 2025

CVE-2024-40866: Visiting a malicious website may lead to address bar spoofing in Apple macOS

Medium

VulnerabilityMon Nov 03 2025

CVE-2024-40855: A sandboxed app may be able to access sensitive user data in Apple macOS

Medium

VulnerabilityMon Nov 03 2025

CVE-2024-40851: An attacker with physical access may be able to access contact photos from the lock screen in Apple iOS and iPadOS

Low

VulnerabilityMon Nov 03 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Reference 3 Reference 4 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2024-38476: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in Apache Software Foundation Apache HTTP Server

CVE-2024-38476: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in Apache Software Foundation Apache HTTP Server

Description

Technical Details

Community Reviews

Related Threats

CVE-2024-4032: Vulnerability in Python Software Foundation CPython

CVE-2024-40867: A remote attacker may be able to break out of Web Content sandbox in Apple iOS and iPadOS

CVE-2024-40866: Visiting a malicious website may lead to address bar spoofing in Apple macOS

CVE-2024-40855: A sandboxed app may be able to access sensitive user data in Apple macOS

CVE-2024-40851: An attacker with physical access may be able to access contact photos from the lock screen in Apple iOS and iPadOS

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility