NVD Vulnerability Detail

CVE-2024-24795

Summary	HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Publication Date	April 5, 2024, 5:15 a.m.
Registration Date	April 5, 2024, 10 a.m.
Last Update	Nov. 21, 2024, 5:59 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	http://seclists.org/fulldisclosure/2024/Jul/18
2	http://www.openwall.com/lists/oss-security/2024/04/04/5
3	https://httpd.apache.org/security/vulnerabilities_24.html
4	https://httpd.apache.org/security/vulnerabilities_24.html
5	https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
6	https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html
7	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
9	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
10	https://security.netapp.com/advisory/ntap-20240415-0013/
11	https://support.apple.com/kb/HT214119

Common Vulnerabilities List

JVN Vulnerability Information

Apache Software Foundation の Apache HTTP Server 等複数ベンダの製品における HTTP レスポンス分割に関する脆弱性

Title	Apache Software Foundation の Apache HTTP Server 等複数ベンダの製品における HTTP レスポンス分割に関する脆弱性
Summary	Apache Software Foundation の Apache HTTP Server 等複数ベンダの製品には、HTTP レスポンス分割に関する脆弱性、HTTP リクエストスマグリングに関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 4, 2024, midnight
Registration Date	July 1, 2025, 11:01 a.m.
Last Update	July 1, 2025, 11:01 a.m.

Affected System

Apache Software Foundation

Apache HTTP Server 2.4.0 以上 2.4.59 未満

アップル

macOS 14.6 未満

Broadcom

Fabric Operating System

Debian

Debian GNU/Linux 10.0

Fedora Project

Fedora 38

Fedora 39

Fedora 40

NetApp

ONTAP (旧 Clustered Data ONTAP) 9

ontap tools 10

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-24795	https://www.cve.org/CVERecord?id=CVE-2024-24795
National Vulnerability Database (NVD)
2	CVE-2024-24795	https://nvd.nist.gov/vuln/detail/CVE-2024-24795

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-113	https://cwe.mitre.org/data/definitions/113.html
2	CWE-444	https://cwe.mitre.org/data/definitions/444.html

ベンダー情報

No	Name	URL
Apache httpd 2.4 vulnerabilities
1	low: Apache HTTP Server: HTTP Response Splitting in multiple modules (CVE-2024-24795)	https://httpd.apache.org/security/vulnerabilities_24.html
Apple Security Updates
2	120911	https://support.apple.com/en-us/120911
Apple セキュリティアップデート
3	120911	https://support.apple.com/ja-jp/120911
Broadcom
4	トップページ	https://jp.broadcom.com/products/fibre-channel-networking/software/fabric-operating-system
Debian
5	[SECURITY] [DLA 3818-1] apache2 security update	https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
6	[SECURITY] [DLA 3819-1] fossil security update	https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html
Fedora Update Notification
7	FEDORA-2024-937be154d8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
8	FEDORA-2024-c2f6576348	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
9	FEDORA-2024-d0dccd6b96	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
NetApp Advisory
10	NTAP-20240415-0013	https://security.netapp.com/advisory/ntap-20240415-0013/

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-24-319-04	https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-04
JVN
2	JVNVU#96191615	https://jvn.jp/vu/JVNVU96191615/
3	JVNVU#99032532	https://jvn.jp/vu/JVNVU99032532/
関連文書
4	seclists.org (Jul/18)	http://seclists.org/fulldisclosure/2024/Jul/18
5	www.openwall.com (oss-security/2024/04/04/5)	http://www.openwall.com/lists/oss-security/2024/04/04/5

Change Log

No	Changed Details	Date of change
1	[2025年07月01日] 掲載	July 1, 2025, 11:01 a.m.