CVE-2024-38473

{"id": "CVE-2024-38473", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-07-01T19:15:04.657", "references": [{"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/01/6", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue."}, {"lang": "es", "value": "El problema de codificaci\u00f3n en mod_proxy en Apache HTTP Server 2.4.59 y versiones anteriores permite que las URL de solicitud con codificaci\u00f3n incorrecta se env\u00eden a servicios backend, lo que potencialmente evita la autenticaci\u00f3n mediante solicitudes manipuladas. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.4.60, que soluciona este problema."}], "lastModified": "2024-11-21T09:26:02.607", "sourceIdentifier": "security@apache.org"}