Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-36387 (GCVE-0-2024-36387)
Vulnerability from cvelistv5 – Published: 2024-07-01 18:10 – Updated: 2025-02-13 17:52
VLAI
EPSS
Title
Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
Summary
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.55 , ≤ 2.4.59
(semver)
|
Credits
Marc Stern (<marc.stern@approach-cyber.com>)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T16:22:03.472412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:28:29.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:04:49.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.59",
"status": "affected",
"version": "2.4.55",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Stern (\u003cmarc.stern@approach-cyber.com\u003e)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance."
}
],
"value": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:06:19.347Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-05-27T13:23:00.000Z",
"value": "fixed in r1918003 in trunk"
}
],
"title": "Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-36387",
"datePublished": "2024-07-01T18:10:25.512Z",
"dateReserved": "2024-05-27T11:13:32.415Z",
"dateUpdated": "2025-02-13T17:52:53.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-36387",
"date": "2026-06-04",
"epss": "0.00187",
"percentile": "0.40348"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-36387\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-07-01T19:15:03.497\",\"lastModified\":\"2025-11-06T22:26:05.127\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.\"},{\"lang\":\"es\",\"value\":\"Ofrecer actualizaciones del protocolo WebSocket a trav\u00e9s de una conexi\u00f3n HTTP/2 podr\u00eda provocar una desreferencia del puntero nulo, lo que provocar\u00eda una falla del proceso del servidor y degradar\u00eda el rendimiento.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.55\",\"versionEndIncluding\":\"2.4.59\",\"matchCriteriaId\":\"5A236897-1C35-4AE5-A417-49940A9BCBF8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A20333EE-4C13-426E-8B54-D78679D5DDB8\"}]}]}],\"references\":[{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240712-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/01/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240712-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240712-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/01/4\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-09-13T17:04:49.998Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36387\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-22T16:22:03.472412Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-22T16:22:11.141Z\"}}], \"cna\": {\"title\": \"Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Marc Stern (\u003cmarc.stern@approach-cyber.com\u003e)\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache HTTP Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.4.55\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.4.59\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-05-27T13:23:00.000Z\", \"value\": \"fixed in r1918003 in trunk\"}], \"references\": [{\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240712-0001/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-07-12T14:06:19.347Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-36387\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:52:53.571Z\", \"dateReserved\": \"2024-05-27T11:13:32.415Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-07-01T18:10:25.512Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2024:8680
Vulnerability from osv_almalinux
Published
2024-10-30 00:00
Modified
2024-10-31 13:44
Summary
Low: mod_http2 security update
Details
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Security Fix(es):
- mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "mod_http2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.26-2.el9_4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. \n\nSecurity Fix(es): \n\n * mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:8680",
"modified": "2024-10-31T13:44:32Z",
"published": "2024-10-30T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:8680"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-36387"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2295006"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-8680.html"
}
],
"related": [
"CVE-2024-36387"
],
"summary": "Low: mod_http2 security update"
}
Title
Уязвимость протокола WebSocket веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость протокола WebSocket веб-сервера Apache HTTP Server связана с разыменованием нулевого указателя. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity
Vendor
Novell Inc., Canonical Ltd., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», Apache Software Foundation, АО "НППКТ"
Software Name
openSUSE Tumbleweed, Ubuntu, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП (запись в едином реестре российских программ №4305), АЛЬТ СП 10, HTTP Server, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
- (openSUSE Tumbleweed), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), - (Альт 8 СП), 22.04 LTS (Ubuntu), - (АЛЬТ СП 10), 23.10 (Ubuntu), 24.04 LTS (Ubuntu), от 2.4.55 до 2.4.59 включительно (HTTP Server), 1.8 (Astra Linux Special Edition), до 2.11.1 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для Apache HTTP Server:
https://httpd.apache.org/security/vulnerabilities_24.html
https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2
Для Ubuntu:
https://ubuntu.com/security/notices/USN-6885-1
https://ubuntu.com/security/CVE-2024-36387
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2024-36387.html
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-36387
Для ОС Astra Linux:
обновить пакет apache2 до 2.4.57-2+astra.se5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства
ОСОН ОСнова Оnyx: Обновление программного обеспечения apache2 до версии 2.4.62-1~deb11u1.osnova19
Для РЕД ОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-httpd-cve-2024-38477-cve-2024-36387/?sphrase_id=644522
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD
Reference
https://www.suse.com/security/cve/CVE-2024-36387.html
https://ubuntu.com/security/CVE-2024-36387
https://ubuntu.com/security/notices/USN-6885-1
https://security-tracker.debian.org/tracker/CVE-2024-36387
https://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
https://altsp.su/obnovleniya-bezopasnosti/
https://altsp.su/obnovleniya-bezopasnosti/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.11.1/
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-httpd-cve-2024-38477-cve-2024-36387/?sphrase_id=644522
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD
CWE
CWE-476
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Apache Software Foundation, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (openSUSE Tumbleweed), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 22.04 LTS (Ubuntu), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), 23.10 (Ubuntu), 24.04 LTS (Ubuntu), \u043e\u0442 2.4.55 \u0434\u043e 2.4.59 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (HTTP Server), 1.8 (Astra Linux Special Edition), \u0434\u043e 2.11.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache HTTP Server:\nhttps://httpd.apache.org/security/vulnerabilities_24.html\nhttps://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-6885-1\nhttps://ubuntu.com/security/CVE-2024-36387\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2024-36387.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-36387\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.57-2+astra.se5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx: \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f apache2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.62-1~deb11u1.osnova19\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421:\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-httpd-cve-2024-38477-cve-2024-36387/?sphrase_id=644522\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.05.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "31.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.07.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-05194",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-36387",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE Tumbleweed, Ubuntu, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041b\u042c\u0422 \u0421\u041f 10, HTTP Server, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. openSUSE Tumbleweed - , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Canonical Ltd. Ubuntu 22.04 LTS , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , Canonical Ltd. Ubuntu 23.10 , Canonical Ltd. Ubuntu 24.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.11.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 WebSocket \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 WebSocket \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/security/cve/CVE-2024-36387.html\nhttps://ubuntu.com/security/CVE-2024-36387\nhttps://ubuntu.com/security/notices/USN-6885-1\nhttps://security-tracker.debian.org/tracker/CVE-2024-36387\nhttps://github.com/apache/httpd/commit/c69a51bff8157e403121f8436d85dde21ad28bd2\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.11.1/\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-httpd-cve-2024-38477-cve-2024-36387/?sphrase_id=644522\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,9)"
}
bit-apache-2024-36387
Vulnerability from bitnami_vulndb
Published
2024-07-03 07:18
Modified
2025-05-20 10:02
Summary
Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
Details
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "apache",
"purl": "pkg:bitnami/apache"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.55"
},
{
"fixed": "2.4.60"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2024-36387"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.",
"id": "BIT-apache-2024-36387",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-07-03T07:18:02.756Z",
"references": [
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/4"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387"
}
],
"schema_version": "1.5.0",
"summary": "Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2"
}
CERTFR-2024-AVI-0533
Vulnerability from certfr_avis - Published: 2024-07-02 - Updated: 2024-07-02
De multiples vulnérabilités ont été découvertes dans Apache HTTP Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apache | HTTP Server | Apache HTTP Server versions antérieures à 2.4.60 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apache HTTP Server versions ant\u00e9rieures \u00e0 2.4.60",
"product": {
"name": "HTTP Server",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38475",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38475"
},
{
"name": "CVE-2024-38474",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38474"
},
{
"name": "CVE-2024-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36387"
},
{
"name": "CVE-2024-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38472"
},
{
"name": "CVE-2024-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38476"
},
{
"name": "CVE-2024-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38477"
},
{
"name": "CVE-2024-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38473"
},
{
"name": "CVE-2024-39573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39573"
}
],
"initial_release_date": "2024-07-02T00:00:00",
"last_revision_date": "2024-07-02T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0533",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache HTTP Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache HTTP Server",
"vendor_advisories": [
{
"published_at": "2024-07-01",
"title": "Bulletin de s\u00e9curit\u00e9 Apache HTTP Server CHANGES_2.4.60",
"url": "https://downloads.apache.org/httpd/CHANGES_2.4.60"
}
]
}
CERTFR-2024-AVI-0676
Vulnerability from certfr_avis - Published: 2024-08-14 - Updated: 2024-08-14
De multiples vulnérabilités ont été découvertes dans Tenable Security Center. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Security Center | Security Center sans le correctif de sécurité SC-202408.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security Center sans le correctif de s\u00e9curit\u00e9 SC-202408.1",
"product": {
"name": "Security Center",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38475",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38475"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2024-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40898"
},
{
"name": "CVE-2024-40725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40725"
},
{
"name": "CVE-2024-38474",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38474"
},
{
"name": "CVE-2024-39884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39884"
},
{
"name": "CVE-2024-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36387"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38472"
},
{
"name": "CVE-2024-6874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6874"
},
{
"name": "CVE-2024-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38476"
},
{
"name": "CVE-2024-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38477"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38473"
},
{
"name": "CVE-2024-6197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6197"
},
{
"name": "CVE-2024-39573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39573"
}
],
"initial_release_date": "2024-08-14T00:00:00",
"last_revision_date": "2024-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0676",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
"vendor_advisories": [
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-13",
"url": "https://www.tenable.com/security/tns-2024-13"
}
]
}
Title
Apache HTTP Server空指针解引用漏洞
Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。
Apache HTTP Server存在空指针解引用漏洞,攻击者可利用该漏洞导致服务器进程崩溃。
Severity
中
Patch Name
Apache HTTP Server空指针解引用漏洞的补丁
Patch Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。
Apache HTTP Server存在空指针解引用漏洞,攻击者可利用该漏洞导致服务器进程崩溃。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://httpd.apache.org/security/vulnerabilities_24.html
Reference
https://access.redhat.com/security/cve/cve-2024-36387
Impacted products
| Name | Apache HTTP Server >=2.4.55,<=2.4.59 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-36387",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387"
}
},
"description": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002\n\nApache HTTP Server\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u5668\u8fdb\u7a0b\u5d29\u6e83\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://httpd.apache.org/security/vulnerabilities_24.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-36392",
"openTime": "2024-08-27",
"patchDescription": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002\r\n\r\nApache HTTP Server\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u5668\u8fdb\u7a0b\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache HTTP Server\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apache HTTP Server \u003e=2.4.55\uff0c\u003c=2.4.59"
},
"referenceLink": "https://access.redhat.com/security/cve/cve-2024-36387",
"serverity": "\u4e2d",
"submitTime": "2024-07-05",
"title": "Apache HTTP Server\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e"
}
FKIE_CVE-2024-36387
Vulnerability from fkie_nvd - Published: 2024-07-01 19:15 - Updated: 2025-11-06 22:26
Severity
Summary
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| security@apache.org | https://security.netapp.com/advisory/ntap-20240712-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/07/01/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240712-0001/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | * | |
| netapp | ontap | 9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A236897-1C35-4AE5-A417-49940A9BCBF8",
"versionEndIncluding": "2.4.59",
"versionStartIncluding": "2.4.55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*",
"matchCriteriaId": "A20333EE-4C13-426E-8B54-D78679D5DDB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance."
},
{
"lang": "es",
"value": "Ofrecer actualizaciones del protocolo WebSocket a trav\u00e9s de una conexi\u00f3n HTTP/2 podr\u00eda provocar una desreferencia del puntero nulo, lo que provocar\u00eda una falla del proceso del servidor y degradar\u00eda el rendimiento."
}
],
"id": "CVE-2024-36387",
"lastModified": "2025-11-06T22:26:05.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-01T19:15:03.497",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
GHSA-463R-P989-2F9J
Vulnerability from github – Published: 2024-07-01 21:31 – Updated: 2024-11-25 18:33
VLAI
Details
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
Severity
5.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2024-36387"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T19:15:03Z",
"severity": "MODERATE"
},
"details": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.",
"id": "GHSA-463r-p989-2f9j",
"modified": "2024-11-25T18:33:24Z",
"published": "2024-07-01T21:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240712-0001"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2024-36387
Vulnerability from csaf_microsoft - Published: 2024-07-01 07:00 - Updated: 2026-02-18 01:14Summary
Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
5.4 (Medium)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17283-17086 | — | ||
| Unresolved product id: 17684-17084 | — | ||
| Unresolved product id: 19781-17084 | — | ||
| Unresolved product id: 19775-17086 | — | ||
| Unresolved product id: 17357-17086 | — |
Known affected
5 products
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-36387.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2",
"tracking": {
"current_release_date": "2026-02-18T01:14:09.000Z",
"generator": {
"date": "2026-02-18T10:54:58.504Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-36387",
"initial_release_date": "2024-07-01T07:00:00.000Z",
"revision_history": [
{
"date": "2024-07-19T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-08-15T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
},
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
},
{
"date": "2024-12-03T00:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added httpd to CBL-Mariner 2.0\nAdded httpd to Azure Linux 3.0"
},
{
"date": "2026-02-18T01:14:09.000Z",
"legacy_version": "2",
"number": "5",
"summary": "Information published."
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 httpd 2.4.61-1",
"product": {
"name": "\u003ccbl2 httpd 2.4.61-1",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "cbl2 httpd 2.4.61-1",
"product": {
"name": "cbl2 httpd 2.4.61-1",
"product_id": "17283"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 httpd 2.4.61-1",
"product": {
"name": "\u003cazl3 httpd 2.4.61-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 httpd 2.4.61-1",
"product": {
"name": "azl3 httpd 2.4.61-1",
"product_id": "17684"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 httpd 2.4.58-4",
"product": {
"name": "\u003cazl3 httpd 2.4.58-4",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 httpd 2.4.58-4",
"product": {
"name": "azl3 httpd 2.4.58-4",
"product_id": "19781"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 httpd 2.4.59-1",
"product": {
"name": "\u003ccbl2 httpd 2.4.59-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 httpd 2.4.59-1",
"product": {
"name": "cbl2 httpd 2.4.59-1",
"product_id": "19775"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 httpd 2.4.59-1",
"product": {
"name": "\u003ccbl2 httpd 2.4.59-1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cbl2 httpd 2.4.59-1",
"product": {
"name": "cbl2 httpd 2.4.59-1",
"product_id": "17357"
}
}
],
"category": "product_name",
"name": "httpd"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 httpd 2.4.61-1 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 httpd 2.4.61-1 as a component of CBL Mariner 2.0",
"product_id": "17283-17086"
},
"product_reference": "17283",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 httpd 2.4.61-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 httpd 2.4.61-1 as a component of Azure Linux 3.0",
"product_id": "17684-17084"
},
"product_reference": "17684",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 httpd 2.4.58-4 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 httpd 2.4.58-4 as a component of Azure Linux 3.0",
"product_id": "19781-17084"
},
"product_reference": "19781",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 httpd 2.4.59-1 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 httpd 2.4.59-1 as a component of CBL Mariner 2.0",
"product_id": "19775-17086"
},
"product_reference": "19775",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 httpd 2.4.59-1 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 httpd 2.4.59-1 as a component of CBL Mariner 2.0",
"product_id": "17357-17086"
},
"product_reference": "17357",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36387",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "general",
"text": "apache",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17283-17086",
"17684-17084",
"19781-17084",
"19775-17086",
"17357-17086"
],
"known_affected": [
"17086-5",
"17084-3",
"17084-1",
"17086-2",
"17086-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-36387.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-19T00:00:00.000Z",
"details": "2.4.61-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-5",
"17084-3",
"17084-1",
"17086-2",
"17086-4"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"17086-5",
"17084-3",
"17084-1",
"17086-2",
"17086-4"
]
}
],
"title": "Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2"
}
]
}
NCSC-2024-0275
Vulnerability from csaf_ncscnl - Published: 2024-07-02 11:44 - Updated: 2024-07-02 11:44Summary
Kwetsbaarheden verholpen in Apache HHTP-server
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apache Software Foundation heeft kwetsbaarheden verholpen in de Apache HTTP-Server.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, middels een Server-Side-Request-Forgery (SSRF) verkeer te manipuleren, of om code uit te voeren binnen de webserver, waarvoor de kwaadwillende aanvankelijk niet is geautoriseerd.
Oplossingen: Apache Software Foundation heeft updates uitgebracht om de kwetsbaarheden te verhelpen in Apache HTTP-Server 2.4.60. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-116: Improper Encoding or Escaping of Output
CWE-172: Encoding Error
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-284: Improper Access Control
CWE-404: Improper Resource Shutdown or Release
CWE-476: NULL Pointer Dereference
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CWE-918: Server-Side Request Forgery (SSRF)
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.53:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.55:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.59:*:*:*:*:*:*:*
|
— |
CWE-918
- Server-Side Request Forgery (SSRF)
Affected products
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.53:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.59:*:*:*:*:*:*:*
|
— |
CWE-172
- Encoding Error
Affected products
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.53:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.59:*:*:*:*:*:*:*
|
— |
8.2 (High)
Affected products
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.53:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.59:*:*:*:*:*:*:*
|
— |
8.2 (High)
Affected products
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.53:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.59:*:*:*:*:*:*:*
|
— |
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.53:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.59:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.53:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.59:*:*:*:*:*:*:*
|
— |
CWE-918
- Server-Side Request Forgery (SSRF)
Affected products
Known affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*
|
— | |
|
http_server
apache
|
cpe:2.3:a:apache:http_server:2.4.53:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.0:*:*:*:*:*:*:*
|
— | |
|
apache_http_server
apache_software_foundation
|
cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.59:*:*:*:*:*:*:*
|
— |
References
9 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apache Software Foundation heeft kwetsbaarheden verholpen in de Apache HTTP-Server.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, middels een Server-Side-Request-Forgery (SSRF) verkeer te manipuleren, of om code uit te voeren binnen de webserver, waarvoor de kwaadwillende aanvankelijk niet is geautoriseerd.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apache Software Foundation heeft updates uitgebracht om de kwetsbaarheden te verhelpen in Apache HTTP-Server 2.4.60. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "general",
"text": "Encoding Error",
"title": "CWE-172"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; redhat",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"title": "Kwetsbaarheden verholpen in Apache HHTP-server",
"tracking": {
"current_release_date": "2024-07-02T11:44:22.653047Z",
"id": "NCSC-2024-0275",
"initial_release_date": "2024-07-02T11:44:22.653047Z",
"revision_history": [
{
"date": "2024-07-02T11:44:22.653047Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "apache_http_server",
"product": {
"name": "apache_http_server",
"product_id": "CSAFPID-1465466",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "apache_http_server",
"product": {
"name": "apache_http_server",
"product_id": "CSAFPID-1491761",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.55:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "apache_http_server",
"product": {
"name": "apache_http_server",
"product_id": "CSAFPID-1491762",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache_software_foundation:apache_http_server:2.4.59:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "apache_software_foundation"
},
{
"branches": [
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76769",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76761",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76766",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139639",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76770",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76772",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139611",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139603",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139596",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139667",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139663",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139697",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76762",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139591",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139684",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139652",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-96956",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139580",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139628",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139643",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139651",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139623",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139593",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76764",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139704",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139647",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.31:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139728",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.32:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139724",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139584",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139696",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139685",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.36:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139677",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139585",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139577",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.39:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139664",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.40:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139675",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.41:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.42:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139569",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.43:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139689",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.44:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139655",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.45:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139716",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.46:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139737",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.47:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139568",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.48:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139711",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139589",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139662",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139619",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.51:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139563",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.52:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-139637",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.53:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-140516",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.54:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-142004",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.55:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-1473391",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.56:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-1473393",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.57:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-1473392",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.58:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-1491521",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.59:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76765",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76763",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76771",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "http_server",
"product": {
"name": "http_server",
"product_id": "CSAFPID-76773",
"product_identification_helper": {
"cpe": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "apache"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36387",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1491761",
"CSAFPID-1491762"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36387",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36387.json"
}
],
"title": "CVE-2024-36387"
},
{
"cve": "CVE-2024-38472",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1465466",
"CSAFPID-1491762"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38472",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38472.json"
}
],
"title": "CVE-2024-38472"
},
{
"cve": "CVE-2024-38473",
"cwe": {
"id": "CWE-172",
"name": "Encoding Error"
},
"notes": [
{
"category": "other",
"text": "Encoding Error",
"title": "CWE-172"
},
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
}
],
"product_status": {
"known_affected": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1465466",
"CSAFPID-1491762"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38473",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json"
}
],
"title": "CVE-2024-38473"
},
{
"cve": "CVE-2024-38474",
"cwe": {
"id": "CWE-172",
"name": "Encoding Error"
},
"notes": [
{
"category": "other",
"text": "Encoding Error",
"title": "CWE-172"
},
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
}
],
"product_status": {
"known_affected": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1465466",
"CSAFPID-1491762"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38474",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38474.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1465466",
"CSAFPID-1491762"
]
}
],
"title": "CVE-2024-38474"
},
{
"cve": "CVE-2024-38475",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
}
],
"product_status": {
"known_affected": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1465466",
"CSAFPID-1491762"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38475",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1465466",
"CSAFPID-1491762"
]
}
],
"title": "CVE-2024-38475"
},
{
"cve": "CVE-2024-38476",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
}
],
"product_status": {
"known_affected": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1465466",
"CSAFPID-1491762"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38476",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json"
}
],
"title": "CVE-2024-38476"
},
{
"cve": "CVE-2024-38477",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1465466",
"CSAFPID-1491762"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38477",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38477.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1465466",
"CSAFPID-1491762"
]
}
],
"title": "CVE-2024-38477"
},
{
"cve": "CVE-2024-39573",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-76769",
"CSAFPID-76761",
"CSAFPID-76762",
"CSAFPID-76764",
"CSAFPID-76767",
"CSAFPID-76765",
"CSAFPID-76763",
"CSAFPID-76771",
"CSAFPID-76773",
"CSAFPID-76766",
"CSAFPID-76770",
"CSAFPID-139611",
"CSAFPID-139596",
"CSAFPID-139667",
"CSAFPID-139663",
"CSAFPID-139697",
"CSAFPID-139591",
"CSAFPID-139684",
"CSAFPID-139652",
"CSAFPID-96956",
"CSAFPID-139580",
"CSAFPID-139628",
"CSAFPID-139643",
"CSAFPID-139651",
"CSAFPID-139623",
"CSAFPID-139593",
"CSAFPID-139704",
"CSAFPID-139724",
"CSAFPID-139584",
"CSAFPID-139696",
"CSAFPID-139677",
"CSAFPID-139585",
"CSAFPID-139737",
"CSAFPID-139711",
"CSAFPID-139662",
"CSAFPID-139637",
"CSAFPID-1465466",
"CSAFPID-1491762"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39573",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39573.json"
}
],
"title": "CVE-2024-39573"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…