CVE-2024-38473 Vulnerability Details


CVE-2024-38473 Metadata Quick Info

CVE Published: 01/07/2024 | CVE Updated: 13/09/2024 | CVE Year: 2024
Source: apache | Vendor: Apache Software Foundation | Product: Apache HTTP Server
Status: PUBLISHED

CVE-2024-38473 Description

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-116
CWE Name: CWE-116 Improper Encoding or Escaping of Output
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: