First published: Thu Apr 04 2024(Updated: )
Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by a flaw in multiple modules. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
Credit: security@apache.org security@apache.org Yeto Yeto Yeto
Affected Software | Affected Version | How to fix |
---|---|---|
F5 BIG-IP | >=17.1.0<=17.1.1 | |
F5 BIG-IP | >=16.1.0<=16.1.4 | |
F5 BIG-IP | >=15.1.0<=15.1.10 | |
F5 F5OS-A | =1.7.0>=1.5.0<=1.5.2=1.4.0>=1.3.0<=1.3.2 | |
F5 F5OS-C | >=1.6.0<=1.6.2>=1.5.0<=1.5.1 | |
IBM Aspera Console | <=3.4.0 - 3.4.2 PL9 | |
Apple macOS Sonoma | <14.6 | 14.6 |
debian/apache2 | 2.4.62-1~deb11u1 2.4.61-1~deb11u1 2.4.62-1~deb12u1 2.4.61-1~deb12u1 2.4.62-3 | |
debian/uwsgi | <=2.0.19.1-7.1<=2.0.21-5.1<=2.0.26-4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)