Test ID:	1.3.6.1.4.1.25623.1.0.114682
Category:	Web Servers
Title:	Apache HTTP Server < 2.4.60 Multiple Vulnerabilities - Linux
Summary:	Apache HTTP Server is prone to multiple vulnerabilities.
Description:	Summary: Apache HTTP Server is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2024-36387: Denial of Service (DoS) by Null pointer in websocket over HTTP/2 - CVE-2024-38473: Proxy encoding problem - CVE-2024-38474: Weakness with encoded question marks in backreferences - CVE-2024-38475: Weakness in mod_rewrite when first segment of substitution matches filesystem path - CVE-2024-38476: May use exploitable/malicious backend application output to run local handlers via internal redirect - CVE-2024-38477: Crash resulting in DoS in mod_proxy via a malicious request - CVE-2024-39573: mod_rewrite proxy handler substitution Affected Software/OS: Apache HTTP Server version 2.4.59 and prior. Solution: Update to version 2.4.60 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-36387 Common Vulnerability Exposure (CVE) ID: CVE-2024-38473 Common Vulnerability Exposure (CVE) ID: CVE-2024-38474 Common Vulnerability Exposure (CVE) ID: CVE-2024-38475 Common Vulnerability Exposure (CVE) ID: CVE-2024-38476 Common Vulnerability Exposure (CVE) ID: CVE-2024-38477 Common Vulnerability Exposure (CVE) ID: CVE-2024-39573
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.