HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers.
This issue affects Apache HTTP Server: from through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
This weakness can be found at CWE-113.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 2.4.0 (including) | 2.4.67 (excluding) |
| Red Hat Hardened Images | RedHat | httpd-main-2.4.67-1.hum1 | * |
| Apache2 | Ubuntu | devel | * |
| Apache2 | Ubuntu | esm-infra/xenial | * |
| Apache2 | Ubuntu | jammy | * |
| Apache2 | Ubuntu | noble | * |
| Apache2 | Ubuntu | questing | * |
| Apache2 | Ubuntu | resolute | * |
| Apache2 | Ubuntu | upstream | * |