CVE-2023-38709 Affecting mod_session package, versions <0:2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583


Severity

Recommended
medium

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.04% (15th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE8-MODSESSION-7416456
  • published3 Jul 2024
  • disclosed4 Apr 2024

Introduced: 4 Apr 2024

CVE-2023-38709  (opens in a new tab)

How to fix?

Upgrade Oracle:8 mod_session to version 0:2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583 or higher.
This issue was patched in ELSA-2024-4197.

NVD Description

Note: Versions mentioned in the description apply only to the upstream mod_session package and not the mod_session package as distributed by Oracle. See How to fix? for Oracle:8 relevant fixed versions and status.

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.

CVSS Scores

version 3.1