Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache HTTP Server Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2024-24795)

Description

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

Remediation

References

Related Vulnerabilities

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8131)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9581)

WordPress Plugin Dialog Contact Form Cross-Site Scripting (1.2.0)

WordPress Plugin VikBooking Hotel Booking Engine & PMS Cross-Site Scripting (1.5.8)

WordPress Plugin Menu Swapper Cross-Site Request Forgery (1.1.0.2)

Severity

Medium

Classification

CVE-2024-24795 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities