CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.823

EPSS Ranking 99.2%

CVSS Severity

CVSS v3 Score 8.1

References

Products affected by CVE-2024-38473

Apache » Http Server » Version: 2.4.0

cpe:2.3:a:apache:http_server:2.4.0
Apache » Http Server » Version: 2.4.1

cpe:2.3:a:apache:http_server:2.4.1
Apache » Http Server » Version: 2.4.10

cpe:2.3:a:apache:http_server:2.4.10
Apache » Http Server » Version: 2.4.11

cpe:2.3:a:apache:http_server:2.4.11
Apache » Http Server » Version: 2.4.12

cpe:2.3:a:apache:http_server:2.4.12
Apache » Http Server » Version: 2.4.13

cpe:2.3:a:apache:http_server:2.4.13
Apache » Http Server » Version: 2.4.14

cpe:2.3:a:apache:http_server:2.4.14
Apache » Http Server » Version: 2.4.15

cpe:2.3:a:apache:http_server:2.4.15
Apache » Http Server » Version: 2.4.16

cpe:2.3:a:apache:http_server:2.4.16
Apache » Http Server » Version: 2.4.17

cpe:2.3:a:apache:http_server:2.4.17
Apache » Http Server » Version: 2.4.18

cpe:2.3:a:apache:http_server:2.4.18
Apache » Http Server » Version: 2.4.19

cpe:2.3:a:apache:http_server:2.4.19
Apache » Http Server » Version: 2.4.2

cpe:2.3:a:apache:http_server:2.4.2
Apache » Http Server » Version: 2.4.20

cpe:2.3:a:apache:http_server:2.4.20
Apache » Http Server » Version: 2.4.21

cpe:2.3:a:apache:http_server:2.4.21
Apache » Http Server » Version: 2.4.22

cpe:2.3:a:apache:http_server:2.4.22
Apache » Http Server » Version: 2.4.23

cpe:2.3:a:apache:http_server:2.4.23
Apache » Http Server » Version: 2.4.24

cpe:2.3:a:apache:http_server:2.4.24
Apache » Http Server » Version: 2.4.25

cpe:2.3:a:apache:http_server:2.4.25
Apache » Http Server » Version: 2.4.26

cpe:2.3:a:apache:http_server:2.4.26
Apache » Http Server » Version: 2.4.27

cpe:2.3:a:apache:http_server:2.4.27
Apache » Http Server » Version: 2.4.28

cpe:2.3:a:apache:http_server:2.4.28
Apache » Http Server » Version: 2.4.29

cpe:2.3:a:apache:http_server:2.4.29
Apache » Http Server » Version: 2.4.3

cpe:2.3:a:apache:http_server:2.4.3
Apache » Http Server » Version: 2.4.30

cpe:2.3:a:apache:http_server:2.4.30
Apache » Http Server » Version: 2.4.31

cpe:2.3:a:apache:http_server:2.4.31
Apache » Http Server » Version: 2.4.32

cpe:2.3:a:apache:http_server:2.4.32
Apache » Http Server » Version: 2.4.33

cpe:2.3:a:apache:http_server:2.4.33
Apache » Http Server » Version: 2.4.34

cpe:2.3:a:apache:http_server:2.4.34
Apache » Http Server » Version: 2.4.35

cpe:2.3:a:apache:http_server:2.4.35
Apache » Http Server » Version: 2.4.36

cpe:2.3:a:apache:http_server:2.4.36
Apache » Http Server » Version: 2.4.37

cpe:2.3:a:apache:http_server:2.4.37
Apache » Http Server » Version: 2.4.38

cpe:2.3:a:apache:http_server:2.4.38
Apache » Http Server » Version: 2.4.39

cpe:2.3:a:apache:http_server:2.4.39
Apache » Http Server » Version: 2.4.4

cpe:2.3:a:apache:http_server:2.4.4
Apache » Http Server » Version: 2.4.40

cpe:2.3:a:apache:http_server:2.4.40
Apache » Http Server » Version: 2.4.41

cpe:2.3:a:apache:http_server:2.4.41
Apache » Http Server » Version: 2.4.42

cpe:2.3:a:apache:http_server:2.4.42
Apache » Http Server » Version: 2.4.43

cpe:2.3:a:apache:http_server:2.4.43
Apache » Http Server » Version: 2.4.44

cpe:2.3:a:apache:http_server:2.4.44
Apache » Http Server » Version: 2.4.45

cpe:2.3:a:apache:http_server:2.4.45
Apache » Http Server » Version: 2.4.46

cpe:2.3:a:apache:http_server:2.4.46
Apache » Http Server » Version: 2.4.47

cpe:2.3:a:apache:http_server:2.4.47
Apache » Http Server » Version: 2.4.48

cpe:2.3:a:apache:http_server:2.4.48
Apache » Http Server » Version: 2.4.49

cpe:2.3:a:apache:http_server:2.4.49
Apache » Http Server » Version: 2.4.5

cpe:2.3:a:apache:http_server:2.4.5
Apache » Http Server » Version: 2.4.50

cpe:2.3:a:apache:http_server:2.4.50
Apache » Http Server » Version: 2.4.51

cpe:2.3:a:apache:http_server:2.4.51
Apache » Http Server » Version: 2.4.52

cpe:2.3:a:apache:http_server:2.4.52
Apache » Http Server » Version: 2.4.53

cpe:2.3:a:apache:http_server:2.4.53
Apache » Http Server » Version: 2.4.54

cpe:2.3:a:apache:http_server:2.4.54
Apache » Http Server » Version: 2.4.55

cpe:2.3:a:apache:http_server:2.4.55
Apache » Http Server » Version: 2.4.56

cpe:2.3:a:apache:http_server:2.4.56
Apache » Http Server » Version: 2.4.57

cpe:2.3:a:apache:http_server:2.4.57
Apache » Http Server » Version: 2.4.58

cpe:2.3:a:apache:http_server:2.4.58
Apache » Http Server » Version: 2.4.59

cpe:2.3:a:apache:http_server:2.4.59
Apache » Http Server » Version: 2.4.6

cpe:2.3:a:apache:http_server:2.4.6
Apache » Http Server » Version: 2.4.7

cpe:2.3:a:apache:http_server:2.4.7
Apache » Http Server » Version: 2.4.8

cpe:2.3:a:apache:http_server:2.4.8
Apache » Http Server » Version: 2.4.9

cpe:2.3:a:apache:http_server:2.4.9
Netapp » Ontap » Version: 9

cpe:2.3:a:netapp:ontap:9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38473

Products

Pricing

Contact Us