CVE-2023-38709

moderate-risk

Published 2024-04-04

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

Do I need to act?

3.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.3/10 High

NETWORK / LOW complexity

Affected Products (9)

Http Server

Debian Linux

Fedora

Ontap

Ontap Tools

Fabric Operating System

Macos

Affected Vendors

Debian Apache Apple Broadcom Fedoraproject Netapp

References (20)

Mailing List http://seclists.org/fulldisclosure/2024/Jul/18

Mailing List http://www.openwall.com/lists/oss-security/2024/04/04/3

Vendor Advisory https://httpd.apache.org/security/vulnerabilities_24.html

Mailing List https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

Third Party Advisory https://security.netapp.com/advisory/ntap-20240415-0013/

Third Party Advisory https://support.apple.com/kb/HT214119

Mailing List http://seclists.org/fulldisclosure/2024/Jul/18

Mailing List http://www.openwall.com/lists/oss-security/2024/04/04/3

http://www.openwall.com/lists/oss-security/2025/07/10/2

http://www.openwall.com/lists/oss-security/2025/07/10/3

Vendor Advisory https://httpd.apache.org/security/vulnerabilities_24.html

Mailing List https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

Third Party Advisory https://security.netapp.com/advisory/ntap-20240415-0013/

Third Party Advisory https://support.apple.com/kb/HT214119

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 7/34 · Low

Exposure 15/34 · Moderate