CVE-2024-38477

Published: Jul 1, 2024Modified: Nov 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Affected (2)

Products: Apache: Http Server · Netapp: Clustered Data Ontap

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.4.0 to 2.4.60

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	Version 9.0

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (6)

https://httpd.apache.org/security/vulnerabilities_24.html

Source: security@apache.org

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240712-0001/

Source: security@apache.org

Third Party Advisory

http://seclists.org/fulldisclosure/2024/Oct/11

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2024/07/01/10

Source: af854a3a-2127-422b-91ae-364da2661108

https://httpd.apache.org/security/vulnerabilities_24.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240712-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.