CVE-2024-38477

State: PUBLISHED · Published: 2024-07-01 · Updated: 2025-11-03 · Assigner: apache

Description

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

CWE

CWE-476 — CWE-476 NULL Pointer Dereference

Affected

Apache Software Foundation / Apache HTTP Server — v=2.4.0 ≤2.4.59 [affected]

CVSS

(none)

References

https://httpd.apache.org/security/vulnerabilities_24.html vendor-advisory
https://security.netapp.com/advisory/ntap-20240712-0001/

Source

cvelistV5-main/cves/2024/38xxx/CVE-2024-38477.json