What is CVE-2024-38473?

CVE-2024-38473 is a vulnerability in Apache Software Foundation Http Server, classified under Improper Encoding or Escaping of Output. Published 2024-07-01.

Is CVE-2024-38473 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Http Server

CVE-2024-38473

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade…

EPSS: 0.884 (99.5th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Http Server — versions 2.4.0

Weakness classification (CWE)

CWE-116 — Improper Encoding or Escaping of Output

Public proof-of-concept exploits

References

httpd.apache.org/security/vulnerabilities_24.html (vendor-advisory)
security.netapp.com/advisory/ntap-20240712-0001/

Frequently asked questions

What is CVE-2024-38473?: CVE-2024-38473 is a vulnerability in Apache Software Foundation Http Server, classified under Improper Encoding or Escaping of Output. Published 2024-07-01.
Is CVE-2024-38473 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.