CVE-2024-24795

Severity: Medium
Published: 04 April 2024
Modified: 30 June 2025
KEV Added: not listed
Patch: upgrade Apache HTTP Server to 2.4.59
CVSS v3.1: 6.3 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS: 0.0112 (78.7th percentile)
Risk Priority: 13 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-24795 is a medium-severity HTTP Request/Response Splitting (CWE-113) vulnerability in Apache HTTP Server; Fedora, Debian, NetApp, Broadcom and Apple products are affected because they ship or embed the vulnerable httpd. Its CVSS v3.1 base score is 6.3 (Medium): network-reachable, low attack complexity, no privileges required, but user interaction is required and confidentiality, integrity and availability impact are each rated low.

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it in the top 21.3% of CVEs by exploit likelihood (78.7th percentile). It is not currently listed in the CISA KEV catalog.

Vulnerability details

HTTP response splitting in multiple modules of Apache HTTP Server allows an attacker who can inject malicious response headers into backend applications (for example via CGI or proxied backends whose headers httpd relays to the client) to cause an HTTP desynchronization attack: a CR/LF sequence in a header value terminates the legitimate response early and lets the attacker supply a second, fully attacker-controlled response on the same connection. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
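To make the failure mode concrete, the following added example (written for this page; it is not Apache HTTP Server code and does not reproduce httpd's internals) models a backend that reflects a request parameter into a Location header. The serializer's validate=False path emits header values verbatim, which is the splitting sink; validate=True rejects CR/LF before the header reaches the wire. A small response-stream parser then frames the bytes the way a downstream client or proxy would, showing that one backend response becomes two, plus unframed leftovers that desynchronize the connection. The attacker payload, header names and function names are constructed for the example.

```python
"""HTTP response splitting via an unvalidated header value, and the check that stops it.

Constructed example, not Apache HTTP Server code. The 'backend' models any CGI/proxy
backend whose response headers a front-end server relays verbatim to the client.
"""
from typing import Dict, List, Tuple

CRLF = b"\r\n"


def bad_header_char(s: str) -> bool:
    """True if the string contains a byte that must never appear in a header line."""
    return "\r" in s or "\n" in s or "\0" in s


def serialize_response(status: int, reason: str, headers: Dict[str, str],
                       body: bytes, validate: bool) -> bytes:
    """Serialize one HTTP/1.1 response.

    validate=False: header values are emitted verbatim (the splitting sink).
    validate=True:  any CR, LF or NUL in a name or value raises before emission.
    """
    lines = [f"HTTP/1.1 {status} {reason}".encode()]
    for name, value in headers.items():
        if validate and (bad_header_char(name) or bad_header_char(value)):
            raise ValueError(f"CR/LF in header {name!r}")
        lines.append(f"{name}: {value}".encode("latin-1"))
    lines.append(f"Content-Length: {len(body)}".encode())
    return CRLF.join(lines) + CRLF + CRLF + body


def backend_redirect(lang: str, validate: bool) -> bytes:
    """A backend that reflects a request parameter into Location (hypothetical app)."""
    return serialize_response(302, "Found", {"Location": "/next?lang=" + lang}, b"", validate)


Response = Tuple[int, Dict[str, str], bytes]


def parse_responses(stream: bytes) -> Tuple[List[Response], bytes]:
    """Frame a byte stream as a downstream client/proxy would: one response after
    another, each body delimited by its Content-Length. Returns the parsed responses
    and whatever trailing bytes could not be framed as a response (the desync residue)."""
    out: List[Response] = []
    pos = 0
    while True:
        end = stream.find(CRLF + CRLF, pos)
        if end < 0:
            break
        head = stream[pos:end].decode("latin-1").split("\r\n")
        if not head[0].startswith("HTTP/"):
            break  # not a status line: stop, leave the bytes as leftover
        status = int(head[0].split(" ", 2)[1])
        headers: Dict[str, str] = {}
        for line in head[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        out.append((status, headers, stream[body_start:body_start + length]))
        pos = body_start + length
    return out, stream[pos:]


# Constructed attacker input: closes the redirect with an empty body, then supplies
# a complete second response carrying attacker-chosen HTML (18-byte body).
ATTACKER_LANG = ("en\r\nContent-Length: 0\r\n\r\n"
                 "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 18\r\n\r\n"
                 "<script>x</script>")


def demo() -> dict:
    """Run the split against the verbatim path and the hardened path."""
    responses, leftover = parse_responses(backend_redirect(ATTACKER_LANG, validate=False))
    try:
        backend_redirect(ATTACKER_LANG, validate=True)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "response_count": len(responses),
        "statuses": [r[0] for r in responses],
        "injected_body": responses[1][2] if len(responses) > 1 else b"",
        "leftover": leftover,
        "blocked_when_validated": blocked,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

With validation off, the single backend reply frames as a 302 followed by an attacker-authored 200, and the backend's own `Content-Length: 0` ends up as unframed bytes that the next response on the connection will be parsed against; that is the desynchronization. The hardened path refuses the header outright rather than trying to sanitize it, which is the behaviour to expect from a front end once it is upgraded to 2.4.59.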

CWE(s)

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why this technique?

CVE-2024-24795 enables HTTP response splitting in Apache HTTP Server, a public-facing web server, so exploitation takes the form of HTTP desynchronization attacks against the web applications it fronts.

MITRE ATLAS Techniques

AML.T0040: AI Model Inference API Access
AML.T0048: External Harms

Affected Assets

apache: http server, 2.4.0 through 2.4.58 (fixed in 2.4.59)
debian: debian linux, 10.0
fedoraproject: fedora, 38, 39, 40
netapp: ontap, 9
netapp: ontap tools, 10
broadcom: fabric operating system, all versions
apple: macos, ≤ 14.6

Mitigating Controls

No mitigating controls mapped yet. Until they are, the advisory's own remediation applies: upgrade Apache HTTP Server (or the vendor build that embeds it) to 2.4.59 or later.
