Apache HTTP Server Response Splitting via Faulty Input Validation < 2.4.58
CVE-2023-38709 Published on April 4, 2024
Apache HTTP Server: HTTP response splitting
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.
This issue affects Apache HTTP Server: through 2.4.58.
Vulnerability Analysis
CVE-2023-38709 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Timeline
reported
Weakness Type
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Products Associated with CVE-2023-38709
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-38709 are published in these products:
Affected Versions
Apache Software Foundation Apache HTTP Server:- Before and including 2.4.58 is affected.
- Before and including 2.4.58 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.