VAR-202404-0120

Vulnerability from variot - Updated: 2025-12-22 22:23

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.

==========================================================================
Ubuntu Security Notice USN-6729-2
April 17, 2024

apache2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. (CVE-2024-27316)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro): apache2 2.4.29-1ubuntu4.27+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro): apache2 2.4.18-2ubuntu3.17+esm12

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-6729-2
  https://ubuntu.com/security/notices/USN-6729-1
  CVE-2023-38709, CVE-2024-24795, CVE-2024-27316

.

For the oldstable distribution (bullseye), these problems have been fixed in version 2.4.59-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 2.4.59-1~deb12u1.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

  • Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update
Advisory ID: RHSA-2024:6927-03
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2024:6927
Issue date: 2024-09-24
Revision: 03
CVE Names: CVE-2023-38709
====================================================================

Summary:

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.

Security Fix(es):

  • jbcs-httpd24-httpd: HTTP response splitting (CVE-2023-38709)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202409-31

https://security.gentoo.org/

Severity: Low
Title: Apache HTTPD: Multiple Vulnerabilities
Date: September 28, 2024
Bugs: #928540, #935296, #935427, #936257
ID: 202409-31


Synopsis

Multiple vulnerabilities have been found in Apache HTTPD, the worst of which could result in denial of service.

Affected packages

Package             Vulnerable    Unaffected
------------------  ------------  ------------
www-servers/apache  < 2.4.62      >= 2.4.62

Description

Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Apache HTTPD users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.62"

References

[ 1 ] CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709
[ 2 ] CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795
[ 3 ] CVE-2024-27316 https://nvd.nist.gov/vuln/detail/CVE-2024-27316
[ 4 ] CVE-2024-36387 https://nvd.nist.gov/vuln/detail/CVE-2024-36387
[ 5 ] CVE-2024-38472 https://nvd.nist.gov/vuln/detail/CVE-2024-38472
[ 6 ] CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473
[ 7 ] CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474
[ 8 ] CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475
[ 9 ] CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476
[ 10 ] CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477
[ 11 ] CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573
[ 12 ] CVE-2024-39884 https://nvd.nist.gov/vuln/detail/CVE-2024-39884
[ 13 ] CVE-2024-40725 https://nvd.nist.gov/vuln/detail/CVE-2024-40725
[ 14 ] CVE-2024-40898 https://nvd.nist.gov/vuln/detail/CVE-2024-40898

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202409-31

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202404-0120",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ontap tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "10"
      },
      {
        "model": "fabric operating system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": "9"
      },
      {
        "model": "http server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.4.59"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "40"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.6"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "39"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "38"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "179274"
      },
      {
        "db": "PACKETSTORM",
        "id": "181748"
      },
      {
        "db": "PACKETSTORM",
        "id": "181747"
      },
      {
        "db": "PACKETSTORM",
        "id": "182614"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2023-38709",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-38709",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2023-38709",
            "trust": 1.0,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. \n\nThis issue affects Apache HTTP Server: through 2.4.58. ==========================================================================\nUbuntu Security Notice USN-6729-2\nApril 17, 2024\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. \n\nOriginal advisory details:\n\n Orange Tsai discovered that the Apache HTTP Server incorrectly handled\n validating certain input. A remote attacker could possibly use this\n issue to perform HTTP request splitting attacks. (CVE-2023-38709)\n\n Keran Mu and Jianjun Chen discovered that the Apache HTTP Server\n incorrectly handled validating certain input. A remote attacker could\n possibly use this issue to perform HTTP request splitting attacks. \n (CVE-2024-24795)\n\n Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled endless continuation frames. A remote attacker could\n possibly use this issue to cause the server to consume resources, leading\n to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. \n (CVE-2024-27316)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n  apache2                         2.4.29-1ubuntu4.27+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n  apache2                         2.4.18-2ubuntu3.17+esm12\n\nIn general, a standard system update will make all the necessary changes. 
\n\nReferences:\n  https://ubuntu.com/security/notices/USN-6729-2\n  https://ubuntu.com/security/notices/USN-6729-1\n  CVE-2023-38709, CVE-2024-24795, CVE-2024-27316\n\n. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 2.4.59-1~deb11u1. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 2.4.59-1~deb12u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYewy0ACgkQEMKTtsN8\nTja35g//YmcqUVOEofpDGsuxzNCW4N4w/9UKJ3Qevb+/+1Vr+HiA1YCckFIOAEVe\nUtic9aNRH3ujZpUWMSW4BDAvRma/iirXSEiuPc6C8YAgjFo7olgAhBgvDEKyHsD1\ncRIVk4GkwL/de0axePNugR4bX+N+ZpQkCDm1i9S54L+LoS/n73MJLkY2LIxzxZi0\nSuQ//DiAa7Q6fwN5jl1emRA28KMm72luOndiL7WuO+EdCF8HmkwhQwk0fjryCxru\n9xHu+k/Xk0Xqnl4AXAe9ghCxxb6/sYrYJvIFR0RxNcViRuIwC+ce1TwISYSfUphu\nq8kvfXmllI+FhUGG88KJMLl/7SO1oEEfUEtmWantxmPIjcBbx0fMbWtGxphXlzVW\n/V7w9aqaHg3eBQIg+9EfFIW++/fk9HEHIRU5j98x7Du/KuMJQGv1T+8/diGOSzof\nyGALRvHiTaOZGmgs2d6ng1y3t21/UJbQD7dxsGEigdBxCim62FxPm701nQ+aAdd9\nOWOqJJi48Z9CLpyIqFIF3T1pJ3G2kU9rWocJ1gaJMIH28pimgIMD1pM79uNA9cIl\nuxvmpT+ND9vhI9iCI9in9z6HosrKDlHdTGW8DgYUJmJNVS5QWEr0ivxarhaxff1S\n1xGJrU+t+Bo7mYzhM6vgdOA7YQp13ljMSPPu9dyd+j6W0sFfQUU=\n=GLD7\n-----END PGP SIGNATURE-----\n. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. 
 It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis:           Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update\nAdvisory ID:        RHSA-2024:6927-03\nProduct:            Red Hat JBoss Core Services\nAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6927\nIssue date:         2024-09-24\nRevision:           03\nCVE Names:          CVE-2023-38709\n====================================================================\n\nSummary: \n\nRed Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 is now available. \n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. 
\n\nSecurity Fix(es):\n\n* jbcs-httpd24-httpd: HTTP response splitting (CVE-2023-38709)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section. \n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202409-31\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n    Title: Apache HTTPD: Multiple Vulnerabilities\n     Date: September 28, 2024\n     Bugs: #928540, #935296, #935427, #936257\n       ID: 202409-31\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache HTTPD, the worst of\nwhich could result in denial of service. \n\nAffected packages\n=================\n\nPackage             Vulnerable    Unaffected\n------------------  ------------  ------------\nwww-servers/apache  \u003c 2.4.62      \u003e= 2.4.62\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache HTTPD. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Apache HTTPD users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.62\"\n\nReferences\n==========\n\n[ 1 ] CVE-2023-38709\n      https://nvd.nist.gov/vuln/detail/CVE-2023-38709\n[ 2 ] CVE-2024-24795\n      https://nvd.nist.gov/vuln/detail/CVE-2024-24795\n[ 3 ] CVE-2024-27316\n      https://nvd.nist.gov/vuln/detail/CVE-2024-27316\n[ 4 ] CVE-2024-36387\n      https://nvd.nist.gov/vuln/detail/CVE-2024-36387\n[ 5 ] CVE-2024-38472\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38472\n[ 6 ] CVE-2024-38473\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38473\n[ 7 ] CVE-2024-38474\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38474\n[ 8 ] CVE-2024-38475\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38475\n[ 9 ] CVE-2024-38476\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38476\n[ 10 ] CVE-2024-38477\n      https://nvd.nist.gov/vuln/detail/CVE-2024-38477\n[ 11 ] CVE-2024-39573\n      https://nvd.nist.gov/vuln/detail/CVE-2024-39573\n[ 12 ] CVE-2024-39884\n      https://nvd.nist.gov/vuln/detail/CVE-2024-39884\n[ 13 ] CVE-2024-40725\n      https://nvd.nist.gov/vuln/detail/CVE-2024-40725\n[ 14 ] CVE-2024-40898\n      https://nvd.nist.gov/vuln/detail/CVE-2024-40898\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202409-31\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      },
      {
        "db": "PACKETSTORM",
        "id": "179274"
      },
      {
        "db": "PACKETSTORM",
        "id": "178035"
      },
      {
        "db": "PACKETSTORM",
        "id": "178131"
      },
      {
        "db": "PACKETSTORM",
        "id": "178096"
      },
      {
        "db": "PACKETSTORM",
        "id": "178298"
      },
      {
        "db": "PACKETSTORM",
        "id": "181748"
      },
      {
        "db": "PACKETSTORM",
        "id": "181747"
      },
      {
        "db": "PACKETSTORM",
        "id": "181910"
      },
      {
        "db": "PACKETSTORM",
        "id": "182614"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-38709",
        "trust": 1.9
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2024/04/04/3",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2025/07/10/3",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2025/07/10/2",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "179274",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "178035",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "178131",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "178096",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "178298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "181748",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "181747",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "181910",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "182614",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "179274"
      },
      {
        "db": "PACKETSTORM",
        "id": "178035"
      },
      {
        "db": "PACKETSTORM",
        "id": "178131"
      },
      {
        "db": "PACKETSTORM",
        "id": "178096"
      },
      {
        "db": "PACKETSTORM",
        "id": "178298"
      },
      {
        "db": "PACKETSTORM",
        "id": "181748"
      },
      {
        "db": "PACKETSTORM",
        "id": "181747"
      },
      {
        "db": "PACKETSTORM",
        "id": "181910"
      },
      {
        "db": "PACKETSTORM",
        "id": "182614"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "id": "VAR-202404-0120",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.625
  },
  "last_update_date": "2025-12-22T22:23:29.138000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-1284",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
      },
      {
        "trust": 1.0,
        "url": "https://support.apple.com/kb/ht214119"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2025/07/10/3"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
      },
      {
        "trust": 1.0,
        "url": "http://seclists.org/fulldisclosure/2024/jul/18"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2024/04/04/3"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/i2n2nzex3mr64iwsgl3qgn7ksrugaemf/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lx5u34kygdyprh3aj6mddcbjdwdpxnvj/"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wnv4szapvs43dzwnfu7xbyyozezmi4zc/"
      },
      {
        "trust": 1.0,
        "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38709"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-27316"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-24795"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273491"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://ubuntu.com/security/notices/usn-6729-1"
      },
      {
        "trust": 0.2,
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_6_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4197.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:4197"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.17"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.57-2ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6729-2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-43622"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-45802"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/apache2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-31122"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6729-3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.1"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298648"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:6928"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6928.json"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295011"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:6927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-36387"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38474"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38476"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-39573"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38473"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-39884"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38475"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/202409-31"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-40898"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-40725"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-38477"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273499"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:9306"
      },
      {
        "trust": 0.1,
        "url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-14668"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-6576"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-49856"
      },
      {
        "trust": 0.1,
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9306.json"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-6575"
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "179274"
      },
      {
        "db": "PACKETSTORM",
        "id": "178035"
      },
      {
        "db": "PACKETSTORM",
        "id": "178131"
      },
      {
        "db": "PACKETSTORM",
        "id": "178096"
      },
      {
        "db": "PACKETSTORM",
        "id": "178298"
      },
      {
        "db": "PACKETSTORM",
        "id": "181748"
      },
      {
        "db": "PACKETSTORM",
        "id": "181747"
      },
      {
        "db": "PACKETSTORM",
        "id": "181910"
      },
      {
        "db": "PACKETSTORM",
        "id": "182614"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "PACKETSTORM",
        "id": "179274"
      },
      {
        "db": "PACKETSTORM",
        "id": "178035"
      },
      {
        "db": "PACKETSTORM",
        "id": "178131"
      },
      {
        "db": "PACKETSTORM",
        "id": "178096"
      },
      {
        "db": "PACKETSTORM",
        "id": "178298"
      },
      {
        "db": "PACKETSTORM",
        "id": "181748"
      },
      {
        "db": "PACKETSTORM",
        "id": "181747"
      },
      {
        "db": "PACKETSTORM",
        "id": "181910"
      },
      {
        "db": "PACKETSTORM",
        "id": "182614"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-07-01T14:40:30",
        "db": "PACKETSTORM",
        "id": "179274"
      },
      {
        "date": "2024-04-12T14:46:14",
        "db": "PACKETSTORM",
        "id": "178035"
      },
      {
        "date": "2024-04-18T15:28:17",
        "db": "PACKETSTORM",
        "id": "178131"
      },
      {
        "date": "2024-04-17T15:49:51",
        "db": "PACKETSTORM",
        "id": "178096"
      },
      {
        "date": "2024-04-29T14:47:52",
        "db": "PACKETSTORM",
        "id": "178298"
      },
      {
        "date": "2024-09-24T13:46:16",
        "db": "PACKETSTORM",
        "id": "181748"
      },
      {
        "date": "2024-09-24T13:46:08",
        "db": "PACKETSTORM",
        "id": "181747"
      },
      {
        "date": "2024-09-30T14:35:24",
        "db": "PACKETSTORM",
        "id": "181910"
      },
      {
        "date": "2024-11-13T15:40:54",
        "db": "PACKETSTORM",
        "id": "182614"
      },
      {
        "date": "2024-04-04T20:15:08.047000",
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-11-04T22:15:53.457000",
        "db": "NVD",
        "id": "CVE-2023-38709"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "178035"
      },
      {
        "db": "PACKETSTORM",
        "id": "178131"
      },
      {
        "db": "PACKETSTORM",
        "id": "178298"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat Security Advisory 2024-4197-03",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "179274"
      }
    ],
    "trust": 0.1
  }
}

