Vulnerability CVE-2024-38477: Information

Description

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Published: July 1, 2024
Modified: July 12, 2024
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.61-alt12.4.61-alt1ALT-PU-2024-9736-1352421Fixed
apache2sisyphus_e2k2.4.61-alt12.4.61-alt1ALT-PU-2024-10114-1-Fixed
apache2sisyphus_riscv642.4.61-alt12.4.61-alt1ALT-PU-2024-9756-1-Fixed
apache2sisyphus_loongarch642.4.61-alt12.4.61-alt1ALT-PU-2024-9761-1-Fixed
apache2p102.4.61-alt12.4.61-alt1ALT-PU-2024-10005-2352549Fixed
apache2c10f12.4.61-alt12.4.61-alt1ALT-PU-2024-10192-2352691Fixed
apache2c9f22.4.61-alt12.4.59-alt1ALT-PU-2024-10223-1352692Testing
apache2p112.4.61-alt12.4.61-alt1ALT-PU-2024-9738-2352426Fixed

References to Advisories, Solutions, and Tools