1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-6729-3

[USN-6729-3] Apache HTTP Server vulnerabilities

Severity High
Affected Packages 11
CVEs 3
Info Packages Vulnerabilities

Several security issues were fixed in Apache HTTP Server.

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update
provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server incorrectly handled
validating certain input. A remote attacker could possibly use this
issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server
incorrectly handled validating certain input. A remote attacker could
possibly use this issue to perform HTTP request splitting attacks.
(CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled endless continuation frames. A remote attacker could
possibly use this issue to cause the server to consume resources, leading
to a denial of service. (CVE-2024-27316)

Package Affected Version
pkg:deb/ubuntu/libapache2-mod-proxy-uwsgi?distro=noble < 2.4.58-1ubuntu8.1
pkg:deb/ubuntu/libapache2-mod-md?distro=noble < 2.4.58-1ubuntu8.1
pkg:deb/ubuntu/apache2?distro=noble < 2.4.58-1ubuntu8.1
pkg:deb/ubuntu/apache2-utils?distro=noble < 2.4.58-1ubuntu8.1
pkg:deb/ubuntu/apache2-suexec-pristine?distro=noble < 2.4.58-1ubuntu8.1
pkg:deb/ubuntu/apache2-suexec-custom?distro=noble < 2.4.58-1ubuntu8.1
pkg:deb/ubuntu/apache2-ssl-dev?distro=noble < 2.4.58-1ubuntu8.1
pkg:deb/ubuntu/apache2-doc?distro=noble < 2.4.58-1ubuntu8.1
pkg:deb/ubuntu/apache2-dev?distro=noble < 2.4.58-1ubuntu8.1
pkg:deb/ubuntu/apache2-data?distro=noble < 2.4.58-1ubuntu8.1
pkg:deb/ubuntu/apache2-bin?distro=noble < 2.4.58-1ubuntu8.1
ID
USN-6729-3
Severity
high
Severity from
CVE-2024-27316
URL
https://ubuntu.com/security/notices/USN-6729-3
Published
2024-04-29T11:31:21
(4 months ago)
Modified
2024-04-29T11:31:21
(4 months ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/libapache2-mod-proxy-uwsgi?distro=noble ubuntu libapache2-mod-proxy-uwsgi < 2.4.58-1ubuntu8.1 noble
Affected pkg:deb/ubuntu/libapache2-mod-md?distro=noble ubuntu libapache2-mod-md < 2.4.58-1ubuntu8.1 noble
Affected pkg:deb/ubuntu/apache2?distro=noble ubuntu apache2 < 2.4.58-1ubuntu8.1 noble
Affected pkg:deb/ubuntu/apache2-utils?distro=noble ubuntu apache2-utils < 2.4.58-1ubuntu8.1 noble
Affected pkg:deb/ubuntu/apache2-suexec-pristine?distro=noble ubuntu apache2-suexec-pristine < 2.4.58-1ubuntu8.1 noble
Affected pkg:deb/ubuntu/apache2-suexec-custom?distro=noble ubuntu apache2-suexec-custom < 2.4.58-1ubuntu8.1 noble
Affected pkg:deb/ubuntu/apache2-ssl-dev?distro=noble ubuntu apache2-ssl-dev < 2.4.58-1ubuntu8.1 noble
Affected pkg:deb/ubuntu/apache2-doc?distro=noble ubuntu apache2-doc < 2.4.58-1ubuntu8.1 noble
Affected pkg:deb/ubuntu/apache2-dev?distro=noble ubuntu apache2-dev < 2.4.58-1ubuntu8.1 noble
Affected pkg:deb/ubuntu/apache2-data?distro=noble ubuntu apache2-data < 2.4.58-1ubuntu8.1 noble
Affected pkg:deb/ubuntu/apache2-bin?distro=noble ubuntu apache2-bin < 2.4.58-1ubuntu8.1 noble
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date