oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2023-38709: Apache HTTP Server: HTTP response splitting

From: Eric Covener <covener () apache org>
Date: Thu, 04 Apr 2024 13:57:09 +0000
Affected versions:

- Apache HTTP Server through 2.4.58

Description:

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP 
responses.

This issue affects Apache HTTP Server: through 2.4.58.

Credit:

Orange Tsai (@orange_8361) from DEVCORE (finder)

References:

https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-38709
Previous By Date Next
Previous By Thread Next

Current thread: