First published: Thu Apr 04 2024(Updated: )
Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by improper input validation in the core. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
Credit: security@apache.org security@apache.org Yeto Yeto Yeto
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Aspera Console | <=3.4.0 - 3.4.2 PL9 | |
F5 BIG-IP | >=17.1.0<=17.1.1 | |
F5 BIG-IP | >=16.1.0<=16.1.4 | |
F5 BIG-IP | >=15.1.0<=15.1.10 | |
F5 F5OS-A | =1.7.0>=1.5.1<=1.5.2 | |
F5 F5OS-C | >=1.6.0<=1.6.2 | |
F5 Traffix SDC | =5.2.0=5.1.0 | |
Apple macOS Sonoma | <14.6 | 14.6 |
redhat/httpd | <2.4.59 | 2.4.59 |
debian/apache2 | 2.4.62-1~deb11u1 2.4.61-1~deb11u1 2.4.62-1~deb12u1 2.4.61-1~deb12u1 2.4.62-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)