CVE-2024-42516
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-04
Assigner: Apache Software Foundation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | http_server | From 2.4.0 (inclusive) to 2.4.64 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an HTTP response splitting issue in the core of Apache HTTP Server. It allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response.
How can this vulnerability impact me?
An attacker exploiting this vulnerability could manipulate HTTP responses, potentially leading to security issues such as web cache poisoning, cross-site scripting (XSS), or other attacks that rely on controlling HTTP responses.
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache HTTP Server to version 2.4.64, which fixes this HTTP response splitting vulnerability.